AWS S3 (Simple Storage Service) is one of the most popular services offered by AWS. S3 is cheap, reliable, and easy to use when you want to store your data. But before you can work with S3, you will need the correct set of permissions to write and read data from S3. In this blog, we will learn how to create an IAM user to access S3 resources.

At first, this may sound difficult, but it is not. You can think of it as creating an account with a user ID and password to work with your S3 account. So let us get started.

1. Log in to AWS Account

The first step is simple: log in to your AWS account. If you do not have an account, you can create one very easily. Follow these steps to create a new AWS account.

2. Search for IAM from the AWS console

Once you log in to AWS, you will be greeted by the AWS console.

AWS Console

For new users, this might look daunting, but we do not need to worry about most of these services. We want to search for the IAM service and open it.

Finding IAM service from AWS Console

3. Creating IAM User with S3 Access Permissions

Once you are at IAM, click on the Users menu option in the left sidebar.

IAM Users menu on the left sidebar

Once you click on that, you will see previously created IAM users (if any) and also the option to create a new user.

IAM users screen and option add new user

3.1 Creating new IAM user with programmatic access

Click on the Add User button. This will take you to a screen where you can create a new user. On that screen, give your user a name and select the programmatic access checkbox, as shown in the image below.

Creating new IAM user step 1 – User name and programmatic access

The programmatic access option will give you an access key ID and a secret access key (a kind of username and password) to work with AWS S3 from any machine. Once you have filled out the details correctly, click on the Next button at the bottom of the screen.

3.2 Attaching S3 permissions to the user

On the next screen, we can add permissions to our user. These permissions will decide what kind of actions users can perform on our AWS account. Currently, we want our user to work with S3. For that, we will have to attach the S3 access policy to our user.

Working with S3 is such a common task that AWS has created a policy that will grant our user permissions to perform actions on S3. To use the existing policy created by AWS, click on the “Attach existing policies directly” button and search for “s3fullaccess”.

Attaching s3fullaccess policy to IAM user

To attach this policy to our user, click on the checkbox on the left of the policy name and click on the Next: Tags button at the bottom of the screen.
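The AWS managed full-access policy allows every S3 action on every bucket in the account. When the user only needs to work with one bucket, a narrower policy can be created in IAM and attached instead. The policy below is an added example, not part of the original post; the bucket name example-app-bucket is a placeholder for your own bucket, and the Sid values are descriptive labels chosen for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketNamesForAwsS3Ls",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "ListPlaceholderBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-app-bucket"
    },
    {
      "Sid": "ReadWriteObjectsInPlaceholderBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::example-app-bucket/*"
    }
  ]
}
```

The first statement exists only so that the `aws s3 ls` check used later in this post still works; remove it if the user should not be able to see the names of other buckets.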

3.3 Adding tags to IAM user

On the next screen, you can add tags to the IAM user. This is an optional step. In AWS, tags are used to filter and track resources. This is an advanced feature and we will ignore this for now.

Optional step – Adding tags to IAM user

Click on the Next: Review button at the bottom of the screen.

3.4 Review all details before creating an IAM user

On the next screen, you can review all details, such as the user name, the policies you have attached to this user, and any tags you specified in the last step. Check that everything is okay and click on the Create User button.

Reviewing user details before creating IAM User

3.5 Creating IAM user and noting its credentials

The last step is creating an IAM user and getting user credentials that can be used to access S3 services.

If you have done everything correctly, you will see the screen below with the success message and the Access key ID and Secret access key for our user.

Access Key Id and Secret access key for new IAM user

Please note that this is the only time you will have access to these credentials, so please save them somewhere. Optionally, you can also download these details in a CSV file and save that file on your system.

Setting up AWS IAM user on a local machine

Till now we have created an IAM user that has access to S3. Great! But how do we use it? How can we upload files using this user?

For that, we have to set up this user on our machine. You can find detailed steps for it in this blog. But if you are in a hurry, here is a short summary.

  • Open a terminal (on Mac and Linux) or PowerShell (on Windows)
  • Install the AWS CLI on your machine ( AWS Documentation for installing CLI )
  • Then run the “aws configure” command in the terminal and, when prompted, enter the access key ID and secret access key for your user
  • You can ignore region and output format and keep them empty while setting up the CLI user

After this, you should have everything set up to work with S3. You can validate that by running the command below, which lists all the buckets in S3.

aws s3 ls

Conclusion

In this blog, we have created a new IAM user which has permission to work with S3. Though this is a one-time activity, it can be difficult to know what to do when you are starting with AWS.

I hope you have found this useful. In the next few blogs, we will learn how to work with S3 and its different operations. If you are interested, stick around. See you in the next blog.
