How to configure S3 bucket

From PUBLIC-WIKI
Revision as of 13:10, 12 March 2018 by Eyales (talk | contribs)
Jump to navigation Jump to search

Creating S3 bucket

  • Login to the S3 console:
https://s3.console.aws.amazon.com/s3/
  • Click on “Create bucket” -> specify bucket name -> make sure the bucket name is unique across all existing bucket names in Amazon S3 -> select a region close to your location -> click Next
  • Click on “Versioning” -> select “Enable versioning” -> click Save
  • Click on “Tags” -> specify key: AccountName, Value – specify here the AWS account name or ID -> click Save
  • Click on “Default encryption” -> select “AES-256” -> click Save
  • Click Next
  • Leave the default settings “Do not grant public read access to this bucket” -> click Next -> click “Create bucket”
  • For more information about S3 pricing model, see:
https://aws.amazon.com/s3/pricing/

Configuring IAM policy with read/write access to specific S3 bucket

  • Login to the IAM console:
https://console.aws.amazon.com/iam/
  • From the left pane, click on Policies -> Create policy:
  • Service: S3
  • Actions: List, Read, Write
  • Resources: Specific
  • Bucket: click on “Add ARN” -> specific the bucket name -> click Add
  • Object: Select Any
  • Click on Review Policy
  • Specify policy name (for example: S3ReadWriteSpecificBucket)
  • Click on “Create policy”

Configuring S3 access to specific IAM group

  • Login to the IAM console:
https://console.aws.amazon.com/iam/
  • From the left pane, click on Groups -> click on “Create New Group” -> specify group name -> click “Next Step” -> from the policy list, search for the previously created policy (for example: S3ReadWriteSpecificBucket) -> select the policy name -> click “Next Step”-> click “Create Group”
  • In the future, in case you need to allow IAM users access to the specific S3 bucket, add them the newly created group

Configuring S3 access to EC2 machines

  • Login to the IAM console:
https://console.aws.amazon.com/iam/
  • From the left pane, click on Roles -> Create role
  • From the service list, select EC2 -> click “Next: Permissions” -> from the policy list, search for the previously created policy (for example: S3ReadWriteSpecificBucket) -> select the policy name -> click “Next: Review” -> specify role name -> click on “Create role”
  • In the future, in case you need to allow EC2 machines access to the specific S3 bucket, add them the newly created IAM role