Amazon S3

Create S3 full access credentials

This is the simplest way to create access credentials. The only down-side is these credentials can completely access and modify all your S3 storage buckets without restriction. For tighter security requirements, see the section below on creating restricted access credentials.
    1.
    Log into the AWS console and and visit the IAM service
    2.
    On the left menu, click on "Users" and press the "Add user" button on the next page
    3.
    Enter a username, select "Programmatic access" under access type and proceed to the next step
    4.
    Select "Attach existing policies directly", in the search box, type "s3" and check the "AmazonS3FullAccess" policy
    5.
    Complete the rest of the user setup process and create the user. You will then be shown your users "Access key ID" and "Secret access key". Take note of these values, especially since the secret key won't be accessible later. Use these values when creating your storage provider to authenticate

Get your S3 bucket region & name

Visit the S3 console to view and create storage buckets. The table on that page will show you all your bucket names and regions. Keep in mind, the value of the region when configuring our service must be the specific region ID, e.g. us-east-1 not US East (N. Virginia). You can find all the region ID's on the following AWS S3 regions page.

Create restricted access credentials

This method will allow you to create access credentials restricted to only certain buckets. It's a bit more complicated to create but it's well worth the effort.
    Log into the AWS console and and visit the IAM service
    On the left menu, click on "Policies" and press the "Create policy" button on the next page
    Select "JSON" on the create policy page and paste the following JSON into the editor. Make sure to replace <YOUR_BUCKET_NAME> with your actual bucket name
1
{
2
"Version": "2012-10-17",
3
"Statement": [
4
{
5
"Effect": "Allow",
6
"Action": [
7
"s3:PutObject",
8
"s3:GetBucketCORS",
9
"s3:PutBucketCORS"
10
],
11
"Resource": [
12
"arn:aws:s3:::<YOUR_BUCKET_NAME>",
13
"arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
14
]
15
}
16
]
17
}
Copied!
    Press the review policy button at the bottom, give your policy and name and create it
    Next, on the left menu, click on "Users" and press the "Add user" button on the next page
    Enter a username, select "Programmatic access" under access type and proceed to the next step
    Select "Attach existing policies directly", with the help of the search box, find the policy you just created and check it
    Complete the rest of the user setup process and create the user. You will then be shown your users "Access key ID" and "Secret access key". Take note of these values, especially since the secret key won't be accessible later.
The above policy is the bare minimum required to work with our service. In future, we may require additional permissions for certain features. If you want to future proof yourself, consider creating a policy that gives complete access to your particular S3 bucket like below.
1
{
2
"Version": "2012-10-17",
3
"Statement": [
4
{
5
"Sid": "A",
6
"Effect": "Allow",
7
"Action": [
8
"s3:PutAccountPublicAccessBlock",
9
"s3:GetAccountPublicAccessBlock",
10
"s3:ListAllMyBuckets",
11
"s3:ListJobs",
12
"s3:CreateJob",
13
"s3:HeadBucket"
14
],
15
"Resource": "*"
16
},
17
{
18
"Sid": "B",
19
"Effect": "Allow",
20
"Action": "s3:*",
21
"Resource": [
22
"arn:aws:s3:::<YOUR_BUCKET_NAME>",
23
"arn:aws:s3:::<YOUR_BUCKET_NAME>/*",
24
"arn:aws:s3:*:*:job/*"
25
]
26
}
27
]
28
}
Copied!
Last modified 2yr ago