Project Description:
This project walks you through creating a simple S3 bucket, writing a bucket policy to manage access permissions, creating IAM users and groups, and assigning a role (policy) to each group.
Project Task:
- Create an S3 bucket
- Understand S3 bucket resource-based policies
- Create IAM users and groups
- Configure policies
Step 1: Create an S3 bucket
- Log in to the AWS Management Console
- Navigate to the S3 service
- Click the "Create bucket" button
- Follow the prompts to configure your new S3 bucket (keep the default settings)
You might see a prompt that the name is already taken: S3 bucket names are globally unique, so no two buckets anywhere in AWS can share a name.
Add some extra characters or text to the name to make it unique.
Step 2: Understanding S3 Bucket Policies [How Amazon S3 works with IAM]
Scenario: As the cloud architect, you are to:
Create IAM users and assign them to different groups
- Group 1 - Developers [Users - Gift, grace]
- Group 2 - Auditors [Ali, Josh]
- Group 3 - Operations [Samuel, Lovet]
Assign different roles (policies) to each group:

| Groups | Roles |
|---|---|
| Developers | EC2 |
| Auditors | Billing and Cost Management |
| Operations | Networking |

Each group has a lead; assign resource-based policies within Amazon S3 only to the lead of each group.
2.1 Creating groups and assigning permissions
- Navigate to IAM
- Select User groups
- Create a group
Apply the same steps to create the other groups.
2.2 Creating and adding users
Apply the same steps to create the users you want.
2.3 Assign resource-based policies within Amazon S3 only to the lead of each group
Assuming the leads are:
- Auditors - Ali
- Developers - Grace
- Operations - Samuel
- Navigate to the bucket you created
- Select the Permissions tab
- Edit Bucket policy
- Copy this policy
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPublicReadCannedAcl",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::471112799800:user/Ali",
          "arn:aws:iam::471112799800:user/Samuel",
          "arn:aws:iam::471112799800:user/grace"
        ]
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::bucketttesting/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "public-read"
        }
      }
    }
  ]
}
```
- Edit the Principal: replace the ARNs with the ARNs of your lead users (copy each from the user's IAM summary page)
- Edit the Resource: replace the bucket ARN with your own bucket's ARN (keep the trailing /*)
- You can change the Action list if you want. Note that the Condition only matches uploads that set the public-read canned ACL, so objects uploaded under this statement are publicly readable; if the bucket kept the Step 1 defaults (ACLs disabled under Object Ownership, Block Public Access on), such uploads are rejected, so drop the Condition and s3:PutObjectAcl if the leads only need to upload private objects
- Save Changes
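To make the "edit the Principal and Resource" step concrete, here is an added example (not code from the original post) that fills in the policy for the three leads and then checks which requests the statement actually matches. The account ID and bucket name are constructed placeholders, and statement_allows is a hypothetical simplified check, not an AWS API.

```python
import json

# Constructed placeholders for this example: use your own account ID and bucket name.
ACCOUNT_ID = "111122223333"
BUCKET = "my-bucket-placeholder"
LEADS = ["Ali", "Samuel", "Grace"]  # the three group leads from the scenario


def build_lead_policy(account_id, bucket, leads,
                      actions=("s3:PutObject", "s3:PutObjectAcl")):
    """Fill in the Principal and Resource of the post's bucket policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AddPublicReadCannedAcl",
            "Effect": "Allow",
            "Principal": {"AWS": [f"arn:aws:iam::{account_id}:user/{u}" for u in leads]},
            "Action": list(actions),
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Only matches uploads that request the public-read canned ACL
            "Condition": {"StringEquals": {"s3:x-amz-acl": "public-read"}},
        }],
    }


def statement_allows(policy, principal_arn, action, object_arn, request_acl=None):
    """Simplified check of this one Allow statement: principal, action, resource
    and condition must all match. Real IAM evaluation also applies identity
    policies, explicit Deny, Block Public Access and Object Ownership
    (hypothetical helper, not an AWS API)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or principal_arn not in st["Principal"]["AWS"]:
            continue
        if action not in st["Action"]:
            continue
        if not object_arn.startswith(st["Resource"].rstrip("*")):
            continue  # object is not under this bucket
        wanted_acl = st.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if wanted_acl is not None and request_acl != wanted_acl:
            continue  # ACL header missing or different: statement does not apply
        return True
    return False


if __name__ == "__main__":
    policy = build_lead_policy(ACCOUNT_ID, BUCKET, LEADS)
    print(json.dumps(policy, indent=2))  # paste this into Permissions > Bucket policy
    ali = f"arn:aws:iam::{ACCOUNT_ID}:user/Ali"
    obj = f"arn:aws:s3:::{BUCKET}/report.txt"
    print(statement_allows(policy, ali, "s3:PutObject", obj, "public-read"))  # True
    print(statement_allows(policy, ali, "s3:PutObject", obj))                 # False
```

The second check shows why an upload without the x-amz-acl header gets no permission from this statement, which is the usual cause of an Access Denied after pasting the policy unchanged.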
Alternatively:
- Use the policy generator
- Select S3 Bucket Policy as the policy type
- Select Allow
- Select the actions you want to allow (you can select as many as you like)
- Copy the bucket ARN
- Select Generate Policy