How to Create an AWS IAM User and Role for Programmatic AWS S3 Access

In this tutorial I am going to show you how to create an AWS IAM role so you can create access keys to use to copy files to and from AWS S3 buckets via the AWS Command Line Interface (CLI).

This is useful if you need to transfer files from S3 to an EC2 instance using the CLI.

Prerequisites

  1. You have an AWS account
  2. You have an EC2 instance created
  3. You have access to IAM within the AWS Console

Creating an IAM Role

Step 1 – Open the IAM Console

Step 2 – Click on Users

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Click on Users



Step 3 – Click ‘Add user’

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Click ‘Add User’

 

Step 4 – Enter a unique user name

Step 5 – Check Programmatic Access

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Enter a user name and check programmatic access

Step 6 – Click Next: Permissions

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access

Step 7 – Click ‘Attach existing policies directly’

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Click ‘Attach existing policies directly’

 

Step 8 – Enter S3 in the’ Filter policies’ field

Step 9 – Check ‘AmazonS3FullAccess’ or ‘AmazonS3ReadOnlyAccess’ depending on your requirements

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Enter S3 in ‘Filter policies’ and check S3FullAccess or AmazonS3ReadOnlyAccess

Step 10 – Click Next: Review

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access

Step 11 – Review and Click ‘Create user’

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
Review and click ‘Create user’

Step 12 – Download the key pair and store securely – don’t email, share them outside your organization – keep the keys confidential.  You can only download them once.

How to Create an AWS IAM User and Role for Programmatic AWS S3 Access
View and download the key pair