Amazon S3 bucket setup

Emil Johnsen edited this page Apr 7, 2024 · 4 revisions

Setup of Amazon S3 bucket

The first step in setting up an Amazon S3 bucket for your project is to create an Amazon Web Services (AWS) account at this link.

Once you have done this, you can search for S3 and select the S3 service option.

S3 Service

Once on your S3 bucket service, click on "Create", which will take you to the creation of your S3 bucket.

Create Bucket

When you have clicked on "Create", you will be presented with options for your bucket configuration. The key configurations are:

  • Region: Choose the region that provides you with the lowest latency for data transfer.
  • Bucket name: Choose any unique name for your bucket.
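  • Block all public access: Toggle this off, as we will configure who can access your bucket later. The bucket policy entered further down includes a statement that lets anyone read objects (`s3:GetObject` with `"Principal": "*"`), and this setting would otherwise block it.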

Congratulations! You have created your Amazon S3 Bucket. Now we need to create an IAM account so we can restrict access to only people with the credentials of the IAM account. In the same search field where you searched for "S3", you will now search for "IAM". Click on the IAM service. Once here, click on the "Users" tab.

IAM Users

Now, click on "Create user", similar to where you clicked "Create bucket" before. Give the IAM account a name of your choosing, click on "Attach policies directly", and select the following two policies:

  • AmazonS3FullAccess
  • IAMReadOnlyAccess

Your user should now look something like this:

IAM User

Press "Create user" and click on the username of your newly created user. On this page, press "Create access key".

Access Key

Choose a use case and set a description, then press "Create".

You have now created the IAM account you are going to use to access your S3 bucket! Store your Access key and Secret access key securely, as you will need them later.

Now, return to the S3 bucket you created, click on it, and go to the "Permissions" tab. Scroll down to "Bucket policy" and press "Edit".

Here you will input the following bucket policy:

```json
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "<SEE BELOW>"
			},
			"Action": "s3:*",
			"Resource": [
				"arn:aws:s3:::{YOUR_BUCKET_NAME}",
				"arn:aws:s3:::{YOUR_BUCKET_NAME}/*"
			]
		},
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Principal": "*",
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::{YOUR_BUCKET_NAME}/*"
		}
	]
}
```

For the "AWS" field of the first statement's `Principal`, go to your IAM account and look here:

![image](https://github.com/1Cezzo/idatt2105-project-backend/assets/111747340/d4109582-2e28-4af5-b10d-bd2595dc8d96)

Copy this ARN into the "AWS" field, so it looks something like this:

`"AWS": "arn:aws:iam::472570826290:user/{IAM_ACCOUNT_USERNAME}"`

Now press save changes and you are done! You have successfully created an S3 bucket and an IAM account with access to the S3 bucket!

Now for your environment variables:

  • ENDPOINT_URL: `https://s3.YOUR_REGION_HERE.amazonaws.com/` (example: `https://s3.eu-north-1.amazonaws.com/`)
  • BUCKET_NAME: The bucket name for your S3 bucket.
  • ACCESS_KEY: The access key you created in your IAM account.
  • SECRET_KEY: The secret key you created in your IAM account.

Congratulations! You have set up an Amazon S3 bucket and can now use it securely through your backend via the IAM account.