Give Acces to Users

Give read-only acces to users

  1. Using IAM service of AWS create IAM user.
  2. When creating an IAM user, check 'Generate an access key for each User' option to create a secret Access Id and key and save them. The secret Id and key are available for download only once.
  3. Add User policy to the user created to set permission to user. Alternatively the user can be added to an IAM group and permissions can be added to the group.
  4. Policy created (for group/user) should be like this
 {
        "Statement": [
        {
        "Action": [
        "s3:ListAllMyBuckets"
        ], 
        "Effect": "Allow", 
        "Resource": "arn:aws:s3:::*"
        }, 
        {
        "Action": ["s3:GET*","s3:LIST*"],
        "Effect": "Allow",
        "Resource": ["arn:aws:s3:::<bucket-name1>", "arn:aws:s3:::<bucket-name1>/*"]
        }
        ]
        }

Give Read-Write Access to Users

  1. If you want to give full access to users for only a few buckets; follow the same steps aas above but the policy generated should be like
        {
        "Statement": [ 
        {
        "Action": [
        "s3:ListAllMyBuckets"
        ], 
        "Effect": "Allow", 
        "Resource": "arn:aws:s3:::*"
        }, 
        {
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": ["arn:aws:s3:::<bucket-name1>", "arn:aws:s3:::<bucket-name1>/*","arn:aws:s3:::<bucket-name2>", "arn:aws:s3:::<bucket-name2>/*"]
        }
        ]
        }