Creating an S3 Bucket on AWS
Amazon S3 (Simple Storage Service) provides object (file) storage through a web interface. It’s built to store, protect and retrieve data like photos, videos, documents, etc. from “buckets” at any time, from anywhere, on any device. In other projects we will discuss permissions and security for S3 buckets in depth. For now, just think of a “bucket” as something that securely “holds” information.
Objectives:
- Create a user called “test-user”
- Add an “S3 full access” policy to your test-user
- Create a custom password for your user
- Log in to your AWS account as “test-user”
- Create an S3 bucket with a unique name
- Confirm creation of the bucket under test-user
Prerequisites:
- AWS Management Console
Steps for Project 5:
1. Create a user called “test-user”
For the purpose of the project, we will be starting from scratch, which means creating a root account on AWS. If you already have an AWS account, you can skip steps a-e.
a. Navigate to Amazon Web Services (AWS) home page and click on “Create an AWS Account”.
Note: If you signed in to AWS recently, choose Sign in to the Console. If “Create a new AWS account” isn’t visible, first choose Sign in to a different account, and then choose Create a new AWS account.
b. Enter your account information, and then choose “Continue”. Be sure that you enter your account information correctly, especially your email address. If you enter your email address incorrectly, you can’t access your account.
c. Choose “Personal or Professional”. Note: Personal accounts and professional accounts have the same features and functions.
d. Enter your company or personal information. Important: For professional AWS accounts, it’s a best practice to enter the company phone number rather than a personal cell phone. Configuring a root account with an individual email address or a personal phone number can make your account insecure.
e. Read and accept the AWS Customer Agreement. Note: Be sure that you read and understand the terms of the AWS Customer Agreement. Choose “Create Account and Continue”.
You receive an email to confirm that your account is created. You can sign in to your new account using the email address and password you registered with. However, you can’t use AWS services until you finish activating your account.
f. Once logged in as root, search for “IAM” and click on “Users” on the left. Click on “Add Users”. On this page you set the user details and how the user will access AWS. Create a user by entering a name in the “User name” field. In this project we will be using “test-user”.
g. Under “Select AWS access type”, select “Programmatic access” to enable an access key ID and secret access key for the CLI, SDK and other development tools. Check “AWS Management Console access” to allow the user to sign in with a password.
2. Create a custom password for your user
a. The “Console password” setting lets you select either an autogenerated password or a custom password. For this project we will just assign a custom password for our user.
b. After creating the password, you can choose the “Require password reset” option to prompt users to change the default password on first login. Scroll down and click on “Next: Permissions”.
c. Next is the “Set permissions” page, where you assign the user to groups with attached policies and access. Add the user to any or all the groups. When adding users to groups, be sure to follow the principle of least privilege to avoid assigning more permissions than a user will need.
For this project, you are only adding full S3 access to the user. Do not add the user to any groups at this step. Click “Next: Tags”.
d. Add Tags to help you identify and organize your AWS resources. This step is optional. Click “Next: Review”.
e. Review all your choices, make changes by using the previous button if necessary and then click “Create user”. You should see your user successfully created. Download the .csv file with the new user credentials. Click on “Close”.
3. Add an “S3 full access” policy to your test-user
a. On the IAM dashboard, while still signed in to the root account, click on “Users” and then select your newly created user. Review again to ensure initial policies have been applied.
b. Click on “Policies” on the left under “Access Management”. You will be granting “S3 Full-Access” to the test-user you just created. The policy defines which AWS accounts or groups are granted access and the type of access.
c. Type “S3” in the search bar for services. You will be presented with a list of policies related to S3. Click on the policy that says “AmazonS3FullAccess”. On the top right, click on “Actions” and you will see a drop-down with options. Click on “Attach” and then select the user “test-user” you created. The “Attach policy” button at the bottom should be solid blue at this stage. Attach the policy and you should see a message that it was successful or “One entity was attached to the AmazonS3FullAccess policy”. Sign out of the root account and log into the test-user account.
Note: As a good practice, always use the IAM Policy Simulator to test your policies on groups, users and roles to ensure the policies are working properly before pushing to the production environment.
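To make the least-privilege point concrete, here is an added example (not part of the original post) that compares what a full-access S3 grant allows with a hypothetical narrower policy, using a simplified offline evaluator. It handles only Effect, Action and Resource (no conditions, NotAction, boundaries or SCPs), and the bucket names and requests are constructed; the IAM Policy Simulator remains the authoritative check.

```python
import re

# Stand-in for what AmazonS3FullAccess grants: every S3 action on every resource.
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Hypothetical narrower policy for this project (the bucket name is a placeholder).
BUCKET = "arn:aws:s3:::example-project-bucket"
SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:ListBucket"], "Resource": BUCKET},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKET + "/*"},
]}

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one Allow must match; default is deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(wildcard_match(a, action, True) for a in as_list(stmt["Action"])):
            continue
        if not any(wildcard_match(r, resource) for r in as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

# Constructed requests: what the project needs, plus things it never should.
REQUESTS = [
    ("s3:CreateBucket", BUCKET), ("s3:ListAllMyBuckets", "*"),
    ("s3:PutBucketPolicy", BUCKET), ("s3:DeleteBucket", "arn:aws:s3:::some-other-bucket"),
    ("s3:GetObject", "arn:aws:s3:::some-other-bucket/payroll.csv"), ("iam:CreateUser", "*"),
]

def excess_grants(broad, narrow, requests):
    """Requests the broad policy allows that the narrow one would refuse."""
    return [r for r in requests if is_allowed(broad, *r) and not is_allowed(narrow, *r)]

if __name__ == "__main__":
    for action, resource in excess_grants(FULL_ACCESS, SCOPED, REQUESTS):
        print(f"only full access allows {action} on {resource}")
```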
4. Log in to your AWS account as “test-user”
a. On the AWS console page, select “IAM user”. The account ID or account alias is for the root account. Click on “Next”. Input the IAM user name and password and then sign in. It is a good security practice to always create an IAM user to interact with the AWS console rather than using the root user.
5. Create an S3 bucket with a unique name
a. Once logged in, search for “S3” in the search bar at the top of the page. Click on “Create bucket” on the right. Add a unique name and ensure you follow the rules for bucket naming. It must be unique and not contain spaces or uppercase letters. Choose the AWS region closest to you. For this project we will leave it at US East (N. Virginia) us-east-1.
b. Scroll down and leave everything else as default. In other projects we will discuss versioning and encryption. Click on “Create bucket”.
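The bucket naming rules in step 5 go beyond spaces and uppercase letters. This added example (not part of the original post) checks a proposed name against the general purpose bucket naming rules AWS documents; global uniqueness can only be confirmed by S3 itself, and the sample names are constructed.

```python
import re

# Reserved prefixes and suffixes from the AWS general purpose bucket naming
# rules as documented at the time of writing; check the current documentation.
RESERVED_PREFIXES = ("xn--", "sthree-", "amzn-s3-demo-")
RESERVED_SUFFIXES = ("-s3alias", "--ol-s3", ".mrap", "--x-s3", "--table-s3")

def bucket_name_problems(name):
    """Return every naming rule the proposed bucket name breaks (empty list = OK)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be between 3 and 63 characters")
    if not re.fullmatch(r"[a-z0-9.-]*", name):
        problems.append("only lowercase letters, digits, '.' and '-' are allowed")
    if name and (name[0] in ".-" or name[-1] in ".-"):
        problems.append("must begin and end with a letter or digit")
    if ".." in name:
        problems.append("must not contain two adjacent periods")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", name):
        problems.append("must not be formatted like an IP address")
    if name.startswith(RESERVED_PREFIXES):
        problems.append("starts with a reserved prefix")
    if name.endswith(RESERVED_SUFFIXES):
        problems.append("ends with a reserved suffix")
    return problems

# Constructed sample names, not real buckets.
SAMPLES = ["my-project-bucket-2024", "My Bucket", "ab", "logs..archive",
           "192.168.5.4", "-leading-hyphen", "xn--bucket", "reports-s3alias"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        issues = bucket_name_problems(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```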
6. Confirm creation of the bucket under test-user
After we create the bucket, go back to the S3 bucket dashboard and confirm that the S3 bucket has been created.
Conclusion
That completes our project on creating a user, assigning policies and creating an S3 bucket with a unique name on AWS. You can also play around with other policies available after creating a user. But remember, do not assign more privileges, permissions or access to a user or service than it needs. Leave comments and feedback, and check out my other post on Medium.