Configure AWS S3 bucket user access


22 February 2025

Configure user access to an AWS S3 bucket so that you can read and write data with the AWS CLI.

Configure access via IAM

  • IAM is not IAM Identity Center

Create a user group

  • always create user groups first and add users to these groups later
    • it’s better than creating many users with duplicated permissions
  • create user group
  • do not choose any settings on this creation page.
  • just click create group

Add policy

  • click on created user group
  • change to tab Permissions
  • add permissions > create inline policy
  • change to JSON view
  • paste the following:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ListObjectsInBucket",
          "Effect": "Allow",
          "Action": ["s3:ListBucket"],
          "Resource": ["arn:aws:s3:::<your_bucket_name>"]
        },
        {
          "Sid": "AllObjectActions",
          "Effect": "Allow",
          "Action": "s3:*Object",
          "Resource": ["arn:aws:s3:::<your_bucket_name>/*"]
        }
      ]
    }
  • click add/create (give name)
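
The policy above puts s3:ListBucket on the bucket ARN and the object actions on the bucket/* ARN. The following added example (not part of the original post) checks that pairing offline and shows which actions the s3:*Object wildcard covers. The bucket name example-bucket, the function review and the short action list are assumptions made for the illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed subset of real S3 action names (not the full service list).
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation", "s3:DeleteBucket"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                  "s3:RestoreObject", "s3:GetObjectAcl", "s3:PutObjectAcl",
                  "s3:GetObjectVersion", "s3:DeleteObjectVersion"]

# The page's policy with the placeholder filled in by a made-up bucket name.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ListObjectsInBucket", "Effect": "Allow",
   "Action": ["s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-bucket"]},
  {"Sid": "AllObjectActions", "Effect": "Allow",
   "Action": "s3:*Object",
   "Resource": ["arn:aws:s3:::example-bucket/*"]}]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def review(policy, bucket, key="dir/file.txt"):
    """Return (allowed, dead): actions that work on `bucket`, and grants whose
    Resource does not match the ARN the action is checked against.
    Only Allow statements are evaluated; Deny and Condition are out of scope."""
    targets = {a: f"arn:aws:s3:::{bucket}" for a in BUCKET_ACTIONS}
    targets.update({a: f"arn:aws:s3:::{bucket}/{key}" for a in OBJECT_ACTIONS})
    allowed, dead = set(), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt["Action"]):
            for action, arn in targets.items():
                # Action names are case-insensitive; '*' is a wildcard.
                if not fnmatchcase(action.lower(), pattern.lower()):
                    continue
                # Resource ARNs are case-sensitive; '*' also spans '/'.
                if any(fnmatchcase(arn, r) for r in as_list(stmt["Resource"])):
                    allowed.add(action)
                else:
                    dead.append((stmt.get("Sid"), action))
    return sorted(allowed), dead

if __name__ == "__main__":
    allowed, dead = review(POLICY, "example-bucket")
    print("allowed:", allowed)
    print("dead grants:", dead)
```

With the policy as written, the wildcard grants the Get/Put/Delete/RestoreObject actions in the list but not the ACL or version actions; swapping the two Resource values leaves every grant dead.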

Create a user

  • in IAM click users
  • create user
  • choose name
  • keep AWS management console access unchecked (not needed for AWS CLI)
  • add user to the group that was created before
  • click next
  • create user

Create credentials

⚠️ AWS recommends an alternative way. See the IAM Identity Center links under Additional resources at the bottom.
  • in IAM
  • click on users
  • select the user you want to create credentials for
  • select tab security credentials
  • scroll down to section Access keys
  • click create access key
  • choose use case command line interface (CLI)

Additional resources

