AWS S3 (Simple Storage Service) is one of the most popular services offered by AWS. It is cheap, reliable, and easy to use for storing data. However, before you can work with S3, you will need the correct permissions to write and read data from S3. This blog will teach you how to create an IAM user to access S3 resources.
At first, this may sound difficult, but it is not. You can think of it as creating an account with a user ID and password to work with your S3 account. So, let us get started.
1. Log in to the AWS Account
The first step is simple: log in to your AWS account. If you do not have an account, you can quickly create one. Follow these steps to create a new AWS account.
2. Search for IAM from the AWS console
Once you log in to AWS, you will be greeted by the AWS console.
This might look daunting for new users, but we do not need to worry about most of these services. We want to search and go to the IAM service.
3. Creating IAM User with S3 Access Permissions
Once you are in the IAM service, click the Users menu option in the left sidebar.
Once you click on that, you will see previously created IAM users (if any) and the option to create a new user.
3.1 Creating a new IAM user with programmatic access
Click on the Add User button. This will take you to a screen where you can create a new user. On that screen, give your user a name and select the programmatic access checkbox.
The programmatic access option gives you an access key ID and a secret access key (similar to a username and password) that let you work with AWS S3 from any machine. Once you have filled out the details correctly, click the Next button at the bottom of the screen.
3.2 Attaching S3 permissions to the user.
On the next screen, we can add permissions to our user. These permissions decide which actions the user can perform on our AWS account. For now, we want our user to work with S3, so we will attach an S3 access policy to the user.
Working with S3 is such a common task that AWS provides a ready-made policy that grants a user permission to perform actions on S3. To use this existing AWS policy, click on the “Attach existing policies directly” button and search for “s3fullaccess.” The matching policy is listed as AmazonS3FullAccess.
To attach this policy to our user, click on the checkbox on the left of the policy name and click the Next: Tags button at the bottom of the screen.
3.3 Adding tags to IAM user
On the next screen, you can add tags to the IAM user. This is an optional step. In AWS, tags are used to filter and track resources. This is an advanced feature, and we will ignore it for now.
Click on the Next: Review button at the bottom of the screen.
3.4 Review all details before creating an IAM user
On the next screen, you can review all details, like the user name, which policies you have attached to this user, and any of the tags you specified in the last step. Check if everything is okay and click on the Create User button.
3.5 Creating an IAM user and noting its credentials
The last step is creating an IAM user and getting user credentials that can be used to access S3 services.
If you have done everything correctly, you will see a screen with the success message, the Access key ID, and the Secret Access Key for our user.
Please note that this is the only time you can access these credentials, so store them somewhere safe. Alternatively, you can download these details in a CSV file and save that file on your system.
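Step 3.2 attaches the AWS-managed full-access policy, which allows every S3 action on every bucket in the account. As an added example (not part of the original post), here is a customer-managed policy that limits the same user to a single bucket; the bucket name example-app-bucket is a placeholder, and the policy can be pasted into the JSON tab of Create policy in IAM and attached in place of AmazonS3FullAccess.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyThisBucket",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::example-app-bucket"
    },
    {
      "Sid": "ReadWriteObjectsInThisBucket",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-app-bucket/*"
    }
  ]
}
```

With this policy, a plain "aws s3 ls" is denied because listing all buckets needs s3:ListAllMyBuckets, which is not granted here; "aws s3 ls s3://example-app-bucket" works instead.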
Setting up AWS IAM user on a local machine
So far, we have created an IAM user with access to S3. Great! But how do we use it? How can we upload files using this user?
For that, we have to set up this user in our machine. You can find detailed steps for it in this blog. But if you are in a hurry, here is a summary.
- Open a terminal (on Mac and Linux) or PowerShell (on Windows)
- Install the AWS CLI on your machine (AWS Documentation for installing CLI)
- Then run the “aws configure” command in the terminal, and when prompted, enter the access key ID and secret access key for your user
- You can ignore region and output format and keep them empty while setting up the CLI user
After this, you should have everything set up to work with S3. You can validate that by running the command below, which lists all the buckets in S3.
aws s3 ls
Conclusion
In this blog, we have created a new IAM user who has permission to work with S3. Though this is a one-time activity, it can be difficult to know what to do when you are starting with AWS.
I hope you have found this helpful. In the following few blogs, we will learn how to work with S3 and its different operations. If you are interested, stick around. See you in the next blog.