As part of a side project, I used an AWS S3 bucket to store and retrieve files. Although I’ve used S3 to store a static website before, this time I used an S3 bucket for another purpose, and I decided to take note of the process.
We’re going to:
- Log in to AWS Management Console.
- Create an S3 bucket.
- Add a bucket policy.
- Assign a user for the bucket.
- Configure AWS credentials (extra step if you’re using the bucket in a Node.js project).
Log in to AWS Management Console.
We can either log in as the account owner (root user) or as an IAM (Identity and Access Management) user. Either way, make sure you have permission to create an S3 bucket and add policies.
Create an S3 bucket.
After logging in to the console, navigate to the AWS Services page (drop-down on the top left corner of the console). Click on S3 to start creating a bucket. On the Amazon S3 page, click on Create bucket. Give it a unique name and make sure to select the preferred region.
Scroll down to change any configurations as you like, but for me, I’m happy with default settings for now. Go ahead and click Create bucket. Your bucket will be displayed on the Amazon S3 bucket list.
You can copy your bucket name for later use.
Add a bucket policy.
Currently, the bucket we created is private. We use policies to set up read/write permissions for a specific application or user.
Navigate to IAM from the service menu. Select Policies on the left menu of the IAM console.
Click on Create Policy. We will create a policy that allows an app or a service to get, update and delete objects in this particular bucket.
Choose S3 from the services list. From the Read list, select GetObject, and from the Write list, select DeleteObject and PutObject. Then move on and click Resources.
This is where you get to apply the above-selected actions to your specific bucket. Click on Add ARN. A dialog may pop up. Enter your bucket name, and check Any for the object name. If you check Any for both, your applications/services will have read/write access to all buckets and all objects in them.
Click Add in the bottom right corner. You will be taken back to the Create Policy page, where the ARN is now updated with your bucket name.
Then click Next: Tags to go to the add-tags page; I skip adding tags. Click Next: Review. On this page, you get to review your policy and add a name to it.
Add a name and click Create Policy on the bottom right corner of the page. You are all set. The new policy will appear on the Policies list.
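To make the scoping from the Add ARN step concrete, here is an added example (not part of the original walkthrough): the JSON such a policy corresponds to, plus a small check that flags a policy reaching past the three object actions or past this one bucket. The bucket name, function names and the too-broad sample policy are constructed for illustration.

```javascript
// Added example; the bucket name is a constructed placeholder.
const BUCKET = "example-upload-bucket";
const ALLOWED_ACTIONS = new Set(["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]);
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Policy matching the console steps: three object actions, one bucket, any object key.
function buildScopedPolicy(bucket) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: [...ALLOWED_ACTIONS],
      Resource: [`arn:aws:s3:::${bucket}/*`],
    }],
  };
}

// Returns findings for every Allow statement that reaches past the three
// object actions or past objects in the expected bucket. Empty list = scoped.
function auditPolicy(policy, bucket) {
  const findings = [];
  const objectPrefix = `arn:aws:s3:::${bucket}/`;
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`statement ${i}: NotAction/NotResource allows everything not listed`);
    }
    for (const action of asArray(stmt.Action)) {
      if (!ALLOWED_ACTIONS.has(action)) {
        findings.push(`statement ${i}: action ${action} is broader than needed`);
      }
    }
    for (const resource of asArray(stmt.Resource)) {
      if (!resource.startsWith(objectPrefix)) {
        findings.push(`statement ${i}: resource ${resource} is not an object in ${bucket}`);
      }
    }
  });
  return findings;
}

// Constructed sample: wildcard bucket and wildcard action, the case the Any/Any warning describes.
const tooBroad = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "s3:*", Resource: "arn:aws:s3:::*/*" }],
};

console.log(JSON.stringify(buildScopedPolicy(BUCKET), null, 2));
console.log(auditPolicy(tooBroad, BUCKET));
```

The comparison is deliberately strict: wildcard actions such as s3:Get* and bucket-level ARNs without a trailing /key part are reported as well.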
Assign a user for the bucket.
Now, let’s create a user and give it permission to access our bucket. For instance, if you’re building a file uploader app, that app will act as a user to access the bucket and process read/write operations.
Navigate back to the IAM console. Select Users, then Add users. Enter your user's name, and, since it is an application or a service that will act as a user, select Programmatic access as the Access Type.
Click Next: Permissions to set up permissions for the user. Select the policy we set up in the previous step.
Click on Next: Tags. This will take you to the add-tags page, which I will skip once again. Click on Next: Review to review your user details.
Click on Create User. We’re almost there!
Now, we’ve been navigated to an important page. Please take note or copy the Access key ID, along with the Secret access key. (You can add these straight to your .env file, shown below).
Configure AWS credentials.
To configure AWS credentials from our application, we need to generate AWS security credentials. Click on your account name and select My Security Credentials from the drop-down menu.
Then select the Access keys (access key ID and secret access key) section.
Click on Create New Access Key and download the key pair to your system for future use. Click on Show Access Key and you will get your Access Key ID and Secret Access Key.
To use AWS services from within your app, you need to install aws-cli and set up your account credentials.
Install awscli through npm:
npm i awscli
or using brew:
brew install awscli
Check the installed awscli version.
For the next step, configure your AWS account credentials using the command below, entering your Access Key ID and Secret Access Key when prompted.
AWS Access Key ID [****************]:
AWS Secret Access Key [****************]:
Default region name [ap-northeast-2]:
Default output format [None]:
Check that all the S3 buckets are listed by running the command below:
aws s3 ls
If you are a root user, use the keys we created in this step for configuring AWS credentials, and use the keys we set up for the IAM user in the .env file.
This was my experience setting up S3 for file uploading through a Node.js application. Hope this article will help someone trying to set up an S3 bucket for storage. Thank you for reading! ❤️