This tutorial shows how to give a user access to a specific S3 Bucket via the AWS web console. This can be very handy if you want a quick way to share data with a customer.
Copy Amazon Resource Name (ARN) of S3 bucket #
Create IAM Policy #
Create a new IAM policy to access the S3 Bucket
Move to JSON tab and replace the default policy with the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket_name"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::bucket_name/*"]
    }
  ]
}
Replace arn:aws:s3:::bucket_name with the ARN of your S3 Bucket in both Resource entries, keeping the /* suffix in the second one.
Give the new policy a name and save it:
Create IAM User and attach the policy #
Choose a user name and enable console access:
Attach the IAM Policy and create the user:
Copy the password for the user
Access S3 Bucket with the new user #
Copy your AWS Account ID
Use your AWS Account ID and log in with the IAM user credentials
The user cannot select the newly created S3 Bucket, or any other of your S3 Buckets, from the Bucket overview, because the policy does not grant s3:ListAllMyBuckets.
Instead the user has to access the bucket with a link that points directly to the S3 Bucket:
https://s3.console.aws.amazon.com/s3/buckets/blog-jklug/
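
To see what the policy above permits before handing the login to a customer, here is an added example (not part of the original tutorial) that evaluates sample requests against it offline. It assumes a simplified model of IAM evaluation that ignores Condition, NotAction, NotResource and other policy types; the requests and the name other_bucket are constructed for illustration.

```python
import json
import re

# The tutorial's policy, with its placeholder bucket name kept as-is.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow", "Action": ["s3:ListBucket"],
    "Resource": ["arn:aws:s3:::bucket_name"]},
   {"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::bucket_name/*"]}]}
""")

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return [x] if isinstance(x, (str, dict)) else list(x)

def is_allowed(policy, action, resource):
    """Simplified check: an explicit Deny wins, otherwise an Allow must match.
    Assumption: Condition, NotAction and NotResource are not modelled."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_match(a, action, True) for a in _as_list(stmt.get("Action", [])))
               and any(_match(r, resource) for r in _as_list(stmt.get("Resource", []))))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

# Constructed sample requests: (action, resource the action is evaluated against).
REQUESTS = [
    ("s3:ListBucket", "arn:aws:s3:::bucket_name"),            # browse the shared bucket
    ("s3:GetObject", "arn:aws:s3:::bucket_name/report.csv"),  # download an object
    ("s3:ListAllMyBuckets", "*"),                             # console bucket overview
    ("s3:GetObject", "arn:aws:s3:::other_bucket/report.csv"), # a different bucket
    ("s3:DeleteBucket", "arn:aws:s3:::bucket_name"),          # bucket-level change
]

def evaluate_all(policy=POLICY, requests=REQUESTS):
    return {req: is_allowed(policy, *req) for req in requests}

if __name__ == "__main__":
    for (action, resource), ok in evaluate_all().items():
        print(f"{'ALLOW' if ok else 'DENY':5} {action:20} {resource}")
```

The denied s3:ListAllMyBuckets request is the reason the bucket overview stays empty and the direct link is needed.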