Creating Read Write Users
Wade Robson edited this page Dec 21, 2016 · 2 revisions
You should also create a user with a policy that allows for uploads to your bucket(s). These credentials are not to be used on your clients.
Before we can create our read-write user we must create a policy.
- Log in to your IAM Dashboard.
- Select Policies on the left and then select Create Policy.
  *If it's your first time in here you might have to hit Get Started first.
- On the next page select Create Your Own Policy.
- Give your policy a name. I chose "munki-read-write"; it doesn't matter, what matters is that you remember it. Description is also arbitrary.
- Copy and paste the example policy into the Policy Document section and replace "S3_BUCKET_GOES_HERE" with the name of your S3 bucket (this is not the URL).
- Click Validate Policy and, if it's successful, go ahead and click Create Policy.
Example IAM policy for read-write access.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": ["arn:aws:s3:::S3_BUCKET_GOES_HERE"]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                ],
                "Resource": ["arn:aws:s3:::S3_BUCKET_GOES_HERE/*"]
            }
        ]
    }
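The following is an added example, not part of the original wiki page: a Python check that renders the policy above for a bucket name and flags the mistakes that are easy to make when editing it by hand (a URL pasted instead of the bucket name, the placeholder left in, or bucket-level and object-level actions attached to the wrong ARN form). The function names `build_policy` and `lint_policy` and the bucket name `example-munki-repo` are hypothetical.

```python
import json
import re

# S3 bucket names: 3-63 chars of lowercase letters, digits, dots and hyphens.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
BUCKET_ACTIONS = {"s3:ListBucket"}  # act on the bucket ARN
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}  # act on bucket/*


def build_policy(bucket):
    """Render the page's read-write policy for one bucket name."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"{bucket!r} is not a bucket name (URL or ARN pasted?)")
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(BUCKET_ACTIONS), "Resource": [arn]},
            {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS), "Resource": [arn + "/*"]},
        ],
    }


def lint_policy(policy):
    """Return a list of problems found in a policy document (dict)."""
    problems = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        # IAM accepts a single string or a list for both fields.
        actions, resources = ([v] if isinstance(v, str) else v
                              for v in (stmt.get("Action", []), stmt.get("Resource", [])))
        for res in resources:
            if "S3_BUCKET_GOES_HERE" in res:
                problems.append(f"statement {i}: placeholder not replaced")
            if res == "*" or res.startswith("arn:aws:s3:::*"):
                problems.append(f"statement {i}: resource {res} covers every bucket")
            is_object_arn = "/" in res
            for act in actions:
                if act in BUCKET_ACTIONS and is_object_arn:
                    problems.append(f"statement {i}: {act} needs the bucket ARN, not {res}")
                if act in OBJECT_ACTIONS and not is_object_arn and res != "*":
                    problems.append(f"statement {i}: {act} needs an object ARN ending in /*")
    return problems


if __name__ == "__main__":
    doc = build_policy("example-munki-repo")  # constructed bucket name
    print(json.dumps(doc, indent=2))
    print(lint_policy(doc) or "no problems found")
```
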
Now that we have the policy we can attach it to a user.
- Log in to your IAM Dashboard.
- Select Users on the left and then select Create Users.
- Enter a user name you want to use and make sure to leave the Generate an access key for each user checkbox checked, then select Create.
- Either choose to Show User Security Credentials or Download Credentials. It doesn't really matter; just make a note of what they are, because it's the last time you'll be able to retrieve them. When you're done select Close.
- Select your newly created user from the list of users.
- Select the Permissions tab.
- Hit Attach Policy and then check the box next to the policy we created earlier and select Attach Policy.