Granulate access to your S3 bucket
Previously, I posted how to create an S3 bucket and how to alias a domain or sub-domain to S3. This post shows how to grant access to a single S3 bucket. The AWS console can be daunting sometimes, but it provides a good foundation for interacting with all AWS services.
https://console.aws.amazon.com/iam is where you manage user access and create access policies for AWS services. Say we have created a bucket called “ourbucket”, and I have a few other buckets, “secretbucket” and “treasurebucket”. Uploading, creating, listing, reading and deleting are a single click away. But hang on: what if I want to share “ourbucket” with my co-workers without giving them permission to the other buckets? Worry not.
First, log in to AWS IAM at https://console.aws.amazon.com/iam. Create a group and name it; here we call it “ourbucketgroup”. Next is the policy, which needs to grant access to “ourbucket” only. Name the policy “ourbucketpolicy” and use the following as the policy document:
{
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::ourbucket",
        "arn:aws:s3:::ourbucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
(Policy above: credit to Mike Ferrier.)
Done? Click Continue.
Second, create a new user to access “ourbucket”; let’s call it ourbuckets3login. Quick note: you need to be a tidy nazi about your access control. Attach the user to ourbucketgroup and set the password for ourbuckets3login.
And done! Done! Done! You can give the credentials to your co-workers and sit tight, enjoying the rest of your day.
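Before handing out the credentials, it is worth checking offline that the policy document really limits the group to “ourbucket”. The following is an added example, not part of the original post or of Mike Ferrier's code: a simplified evaluator (it ignores Condition, NotAction and NotResource) that also refuses a document in which a key such as "Statement" appears twice, because many JSON parsers silently keep only the last one. The function names and both sample documents are constructed for illustration.

```python
import json
import re

# Constructed sample: the policy for "ourbucket" with a single Statement array.
GOOD = """{"Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::ourbucket", "arn:aws:s3:::ourbucket/*"]},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"}
]}"""

# Constructed variant: the same two statements under two "Statement" keys.
DUPLICATED = """{"Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::ourbucket", "arn:aws:s3:::ourbucket/*"]}],
 "Statement": [
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"}
]}"""

def load_policy(text):
    """Parse a policy, refusing repeated keys (json.loads keeps only the last)."""
    def reject_duplicates(pairs):
        keys = [k for k, _ in pairs]
        repeated = sorted({k for k in keys if keys.count(k) > 1})
        if repeated:
            raise ValueError(f"repeated keys: {repeated}")
        return dict(pairs)
    return json.loads(text, object_pairs_hook=reject_duplicates)

def wildcard_match(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.S) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, action, resource):
    """Explicit Deny wins, then any matching Allow; otherwise denied."""
    allowed = False
    for st in as_list(policy["Statement"]):
        hit = (any(wildcard_match(a.lower(), action.lower()) for a in as_list(st["Action"]))
               and any(wildcard_match(r, resource) for r in as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

if __name__ == "__main__":
    policy = load_policy(GOOD)
    for bucket in ("ourbucket", "secretbucket", "treasurebucket"):
        print(bucket, is_allowed(policy, "s3:GetObject", f"arn:aws:s3:::{bucket}/file.txt"))
```

Note that s3:ListAllMyBuckets is what lets the user see the names of the other buckets in the console, even though their contents stay out of reach.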