Aws-S3-Bucket-Policy-Exploration

Project Description:

This project will guide you through creating a simple S3 bucket, defining a policy to manage access permissions, creating IAM Users and Groups, and assigning roles to each group.

Project Task:

1. Create an S3 Bucket
2. Understanding S3 Bucket Resource Base Policies
3. Create IAM users and Groups
4. Policy Configuration

Step 1: Create an S3 bucket

• Log in to the AWS Management Console

• Navigate to the S3 service

• Click the "Create bucket" button

• Follow the prompts to configure your new S3 bucket ( maintain the default settings)

• You might get this prompt, S3 naming convention is unique (You can't have two buckets with the same name in the whole of AWS infrastructure)

• Add some extra characters or texts

Step 2: Understanding S3 Bucket Policies [How Amazon S3 works with IAM]

Scenario: As the cloud Architect, you're to

Create IAM users, and assign them to different groups

• Group 1 - Developers [Users - Gift, grace]
• Group 2 - Auditors [Ali, Josh]
• Group 3 - Operations [ Samuel, Lovet]

Assign different roles (policies) to each group

Each Group has a lead, assign Resource-based policies within Amazon S3 only to the lead of each group

2.1 Creating groups and assigning permissions

• Navigate to IAM

• Select User groups

• Create groups

Apply the same Steps to create the other groups

• ### 2.2 Creating and Adding Users

Apply the same Steps to create the Users you want

2.3 Assign Resource-based policies within Amazon S3 only to the lead of each group

Assuming the leads are

Auditors - Ali

Developers - Grace

Operations - Samuel

• Navigate to the bucket you created

• Select Permission

• Edit Bucket Policy

• Copy this code

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPublicReadCannedAcl",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::471112799800:user/Ali",
                    "arn:aws:iam::471112799800:user/Samuel",
                    "arn:aws:iam::471112799800:user/grace"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::bucketttesting/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "public-read"
                }
            }
        }
    ]
}

• Edit the principal, Copy the ARN URL of the users

• Edit the Resource, Copy the bucket ARN

• You can edit the action if you want

• Save Changes

Alternatively

• Use the policy generator

• Select S3 Bucket policy

• Select Allow

• Select any action, you can select as many as you like

• Copy the bucket ARN

• Select Generate Policy