AWS S3 (Simple Storage Service) is one of the most popular services offered by AWS. S3 is cheap reliable and easy to use when you want to store your data. But before you can work with S3, you will need the correct set of permissions to write and read data from S3. In this blog, we will learn how to create IAM user to access S3 resources.
At first, this may sound difficult but it is not. You can think of it as creating an account with a user id and password to work with your S3 account. So let us get started.
1. Log in to AWS Account
The first step is simple, you have to log in to your AWS account. If you do not have an account you can create one very easily. Follow these steps to create a new AWS account.
2. Search for IAM from the AWS console
Once you log in to AWS, you will be greeted by the AWS console.
For new users, this might look daunting but we do not need to worry about most of these services. We want to search and go to the IAM service.
3. Creating IAM User with S3 Access Permissions
Once you are at IAM you can click on the Users menu option which is at the left sidebar.
Once you click on that, you will see previously created IAM users (if any) and also the option to create a new user.
3.1 Creating new IAM user with programmatic access
Click on Add User button. This will take you to a screen where you can create a new user. On that screen, you have to give your user a name and select the programmatic access checkbox as shown in the below image.
The programmatic access option will give you a secret access key and its id (kind of username and password) to work with AWS S3 from any machine. Once you filled out details correctly click on the Next button at bottom of the screen.
3.2 Attaching S3 permissions to the user.
On the next screen, we can add permissions to our user. These permissions will decide what kind of actions users can perform on our AWS account. Currently, we want our user to work with S3. For that, we will have to attach the S3 access policy to our user.
Working with S3 is such a common task that AWS has created a policy that will grant our user permissions to perform actions on S3. To use the exiting policy created by AWS click on the “Attach existing policies directly” button and search for “s3fullaccess”
To attach this policy to our user, click on the checkbox on the left of the policy name and click on the Next: Tags button at bottom of the screen.
3.3 Adding tags to IAM user
On next screen, you can add tags to the IAM user. This is an optional step. In AWS tags are used to filter and track resources. This is an advanced feature and we will ignore this for now.
Click on the Next: Review button at the bottom of the screen.
3.4 Review all details before creating an IAM user
On the next screen you can review all details like user name, which policies you have attached to this user, and any of the tags you have specified in the last step. Check if everything is okay and click on Create User button.
3.5 Creating IAM user and noting its credentials
The last step is creating an IAM user and getting user credentials that can be used to access S3 services.
If you have done everything correctly, you will see the below screen with the success message and Access key ID and Secret Access Key for our user.
Please note that this is the only time you will have access to these credentials so please save them somewhere. Optionally you can also download these details in a CSV file and save that file on your system.
Setting up AWS IAM user on a local machine
Till now we have created an IAM user that has access to S3. Great! But how do we use it? How can we upload files using this user?
For that, we have to set up this user in our machine. You can find detailed steps for it in this blog. But if you are in hurry here is short summary.
- Open termianal (on Mac and Linux) or powershell (on windows)
- Install AWS CLI on your machine ( AWS Documention for installing CLI )
- Then run “aws configure” command in terminal and when prompted enter access key id, secreat access key for your user
- You can ignore region and output format and keep them empty while setting up cli user
After this, you should have everything set up to work with S3. You can validate that by running bellow commands which list all the buckets in S3.
aws s3 ls
In this blog, we have created a new IAM user which has permission to work with S3. Though this is a one-time activity, it can be difficult to know what to do when you are starting with AWS.
I hope you have found this useful. In next few blogs we will learn how to work with S3 and its different operations. If you are interested stick around. See you in the next blog.