Set Up S3 Bucket on AWS for program access

See Helpful Video Here.

See Github code Here.

See Another Helpful Tutorial Here.

In this post, you will be granting permissions to a new user and a new bucket.  See AWS policy generator Here.

  1. Sign into AWS or create a new account
  2. Create Storage
    • At the console, select S3.
    • Create a bucket with a unique name and basically all default settings.  By doing so, you’ve created a bucket that does not allow public access.
  3. Create User
    • Go back to the console, select IAM
    • Select Users on the left side of the console panel
    • Select Add user, give a user name
    • For AWS access type, select Programmatic access for the user
    • Select Set permissions boundary
    • Select Create user without a permissions boundary.  Click on Create User.  A user will be created with no permissions.  The next screen will show the user’s access key and secret key.
    • In the IAM user screen, click on the user that was just created.  Copy and save the user’s ARN.
  4. Grant Permissions to S3 bucket
      • Now generate an AWS policy to grant permissions to use the S3 bucket created in step 2.  Go to the AWS policy generator
        • Type of policy: S3 Bucket Policy
        • Effect: Allow
        • Principal: User ARN created in step 3
        • AWS Service: s3
        • Actions: Select ListBucket, Get* and Put* operations
        • Amazon Resource Name: The S3 bucket’s ARN
        • Go to the bottom of the page and click on Generate Policy.  A window will show up containing the following information:
          {
            "Id": "Policy1557871313362",
            "Version": "2012-10-17",
            "Statement": [
              {
                "Sid": "Stmt1557871032784",
                "Action": [
          		"s3:ListBucket",
          		"s3:ListBucketVersions",
                          "s3:GetBucketLocation",
                          "s3:Get*",
                          "s3:Put*"
          	],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::s3bucketname",
                "Principal": {
                  "AWS": [
                    "arn:aws:iam::061354152240:user/username"
                  ]
                }
              }
            ]
          }
          
          
          
      • Switch to S3 control panel, select the bucket you want to use.  Click on the permissions tab.  Click on Bucket Policy.  
      • Click on Create Policy.  This will open a create policy window
      • Cut and paste the generated policy into the Bucket Policy Editor.
      • Now go to the CORS Configuration tab.  Since our end goal is to build a web front end (the PHP program with JavaScript) to the S3 bucket, we need to give Cross-Origin Resource Sharing permission.  Here are some use cases AWS gave to figure out if you really need this.  Here is the documentation on how to enable it through the AWS console.  Here’s an example:
        <?xml version="1.0" encoding="UTF-8"?>
        <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
          <CORSRule>
            <AllowedOrigin>*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <AllowedMethod>POST</AllowedMethod>
            <AllowedMethod>PUT</AllowedMethod>
            <MaxAgeSeconds>3000</MaxAgeSeconds>
            <AllowedHeader>Authorization</AllowedHeader>
          </CORSRule>
        </CORSConfiguration>
        
  5. Grant permission to user
      • Go to the IAM dashboard panel, select the user created in step 3
      • Click on New Inline Policy
      • Click on editor’s JSON tab.
      • Copy and paste the following permission:
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:ListAllMyBuckets",
                        "s3:PutObject",
                        "s3:GetObject"
                    ],
                    "Resource": [
                        "arn:aws:s3:::*"
                    ]
                }
            ]
        }

And that should be it! You are now ready to create a program using the user’s credentials to access the files in the S3 bucket.
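
A check for the resource scoping in the policies from steps 4 and 5, added here as an example and not part of the original post: it classifies each object-level grant as scoped to one bucket, as having no effect because the resource is a bucket ARN, or as reaching outside the bucket. The function names are hypothetical, and `scoped_user_policy` is an assumed tighter replacement for the step 5 policy.

```python
import fnmatch

# Object-level actions the page grants, directly or through Get*/Put*.
OBJECT_ACTIONS = ("s3:GetObject", "s3:PutObject")

# The step 5 inline user policy, copied from this page.
PAGE_USER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:ListAllMyBuckets", "s3:PutObject", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::*"],
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_object_grants(policy, bucket):
    """Classify every object-level grant in the policy's Allow statements.
    scoped:    resource is confined to objects inside `bucket`
    no-effect: resource is a bucket ARN, which object actions never match
    overbroad: resource can match objects outside `bucket`
    """
    prefix = f"arn:aws:s3:::{bucket}/"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        granted = [a for a in OBJECT_ACTIONS
                   if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        for resource in _as_list(stmt["Resource"]):
            if resource.startswith(prefix):
                verdict = "scoped"
            elif not any(c in resource for c in "/*?"):
                verdict = "no-effect"
            else:
                verdict = "overbroad"
            findings += [(a, resource, verdict) for a in granted]
    return findings

def scoped_user_policy(bucket):
    """List, read and write, confined to one bucket (assumed replacement)."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": [arn + "/*"]},
    ]}
```

Run against the step 4 bucket policy, `s3:Get*` and `s3:Put*` on the bucket ARN come back as no-effect, so object reads and writes for this user rest on the step 5 policy, which allows them on every bucket.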