Oluwatobi
Aws-S3-Bucket-Policy-Exploration

Project Description:

This project will guide you through creating a simple S3 bucket, defining a policy to manage access permissions, creating IAM Users and Groups, and assigning roles to each group.

Project Task:

  1. Create an S3 Bucket
  2. Understanding S3 Bucket Resource-Based Policies
  3. Create IAM users and Groups
  4. Policy Configuration

Step 1: Create an S3 bucket

  • Log in to the AWS Management Console


  • Navigate to the S3 service


  • Click the "Create bucket" button


  • Follow the prompts to configure your new S3 bucket (maintain the default settings)


  • You might get this prompt: S3 bucket names are globally unique (you can't have two buckets with the same name anywhere in AWS)

  • Add some extra characters or text to make the name unique


Step 2: Understanding S3 Bucket Policies [How Amazon S3 works with IAM]

Scenario: As the cloud architect, you are to:

Create IAM users and assign them to different groups

  • Group 1 - Developers [Users - Gift, grace]
  • Group 2 - Auditors [Ali, Josh]
  • Group 3 - Operations [Samuel, Lovet]

Assign different roles (policies) to each group

| Groups      | Roles                       |
|-------------|-----------------------------|
| Developers  | EC2                         |
| Auditors    | Billing and Cost Management |
| Operations  | Networking                  |

Each group has a lead; assign resource-based policies within Amazon S3 only to the lead of each group

2.1 Creating groups and assigning permissions

  • Navigate to IAM


  • Select User groups


  • Create groups


Apply the same steps to create the other groups

2.2 Creating and Adding Users


Apply the same steps to create the users you want

2.3 Assign Resource-based policies within Amazon S3 only to the lead of each group

Assuming the leads are:

  • Auditors - Ali
  • Developers - Grace
  • Operations - Samuel

  • Navigate to the bucket you created


  • Select the Permissions tab


  • Edit Bucket Policy


  • Copy this code

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPublicReadCannedAcl",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::471112799800:user/Ali",
                    "arn:aws:iam::471112799800:user/Samuel",
                    "arn:aws:iam::471112799800:user/grace"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::bucketttesting/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "public-read"
                }
            }
        }
    ]
}
```
  • Edit the Principal: paste in the ARNs of the lead users

  • Edit the Resource: paste in the bucket ARN

  • You can edit the action if you want


  • Save Changes

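As an added example (not part of the post), this Python snippet builds the lead-only bucket policy from the group leads list and reviews a policy before it is saved; the account id, bucket name and user names are the post's sample values. The review flags the post's own Condition, which only permits uploads that carry the public-read canned ACL, so every object the leads upload under it becomes publicly readable.

```python
# Constructed sample values (assumptions): the account id, bucket and leads from the post
ACCOUNT_ID = "471112799800"
BUCKET = "bucketttesting"
LEADS = {"Auditors": "Ali", "Developers": "grace", "Operations": "Samuel"}


def build_lead_policy(account_id: str, bucket: str, leads: dict,
                      actions=("s3:GetObject", "s3:PutObject")) -> dict:
    """Bucket policy granting `actions` on objects in `bucket` to the group leads only."""
    principals = [f"arn:aws:iam::{account_id}:user/{user}" for user in leads.values()]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "GroupLeadsObjectAccess", "Effect": "Allow",
            "Principal": {"AWS": principals},
            "Action": list(actions),
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


# The post's policy (Sid AddPublicReadCannedAcl) as a dict, so it can be reviewed below
POST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AddPublicReadCannedAcl", "Effect": "Allow",
        "Principal": {"AWS": [f"arn:aws:iam::{ACCOUNT_ID}:user/{u}" for u in LEADS.values()]},
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
        "Condition": {"StringEquals": {"s3:x-amz-acl": "public-read"}},
    }],
}


def review_policy(policy: dict, bucket: str) -> list:
    """Findings a reviewer should raise before saving a bucket policy."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", "?"), st.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:          # anyone, not just the leads
            findings.append(f"{sid}: Principal '*' grants access to everyone")
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        for res in resources:
            if not res.startswith(f"arn:aws:s3:::{bucket}"):      # ARN points at another bucket
                findings.append(f"{sid}: resource {res} is not in bucket {bucket}")
        acl = st.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl", "")
        if acl.startswith("public"):                               # uploads are forced public
            findings.append(f"{sid}: only permits uploads with the {acl} ACL, making objects public")
    return findings
```

Run `review_policy(POST_POLICY, BUCKET)` to see the public-read finding, and `review_policy(build_lead_policy(ACCOUNT_ID, BUCKET, LEADS), BUCKET)` returns no findings.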

Alternatively

  • Use the policy generator


  • Select S3 Bucket policy


  • Select Allow


  • Select the actions to allow; you can select as many as you like


  • Copy the bucket ARN


  • Select Generate Policy
