1.1. AWS - Create a delegated Access for Picsellia

1. Sign in to the AWS Management Console

Log in to your AWS account and navigate to the AWS Management Console.

2. Open the S3 Console

In the Services menu, click on "S3" to access the S3 Console.

3. Choose the Bucket

Locate and click on the name of the bucket to which you want to delegate read and write access.

4. Configure bucket CORS

Click on your Bucket name and go to the "Permissions" tab.

Scroll down to "Cross-origin resource sharing (CORS)" and edit it to add the following CORS configuration:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "POST",
            "PUT",
            "DELETE"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

5. Open the IAM Console

In the Services menu, click on "IAM" to access the Identity and Access Management (IAM) console.

6. Create a New Policy

  • In the IAM dashboard, select "Policies" from the left navigation pane.
  • Click "Create Policy."
  • Choose the "JSON" tab.
  • Paste the following JSON policy, replacing the placeholder "{your-bucket-name}" with the name of your bucket:
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Action": [
				"s3:GetObject",
				"s3:PutObject",
				"s3:ListBucket"
			],
			"Resource": [
				"arn:aws:s3:::{your-bucket-name}/*",
				"arn:aws:s3:::{your-bucket-name}"
			]
		}
	]
}
  • Click "Review Policy" and enter a name and description for the policy.
  • Then click "Create Policy."
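The two JSON documents in steps 4 and 6 are the security-relevant part of this setup, so here is a small helper, added as an example and not part of Picsellia's own tooling, that fills the step 6 policy in for a given bucket name, emits the step 4 CORS rule restricted to named https origins instead of "*" (which would let any website issue credentialed cross-origin requests), and flags wildcard actions or resources in a policy before you paste it. The bucket-name regex is a simplified assumption, stricter than the full AWS rule set.

```python
from __future__ import annotations
import re

# Simplified S3 bucket-name rule (assumption: stricter than AWS's full rule set).
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

def build_bucket_policy(bucket: str) -> dict:
    """Step 6 policy with the {your-bucket-name} placeholder filled in."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"invalid bucket name: {bucket!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            # object ARN for Get/Put, bucket ARN for ListBucket; nothing wider
            "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
        }],
    }

def build_cors_rules(origins: list[str]) -> list[dict]:
    """Step 4 CORS rule, scoped to explicit https origins instead of "*"."""
    for o in origins:
        if o == "*" or not o.startswith("https://"):
            raise ValueError(f"refusing over-broad or non-https origin: {o!r}")
    return [{
        "AllowedHeaders": ["*"],
        "AllowedMethods": ["GET", "POST", "PUT", "DELETE"],
        "AllowedOrigins": list(origins),
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000,
    }]

def policy_findings(policy: dict) -> list[str]:
    """Flag Allow statements with wildcard actions or resources."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        acts, res = st.get("Action", []), st.get("Resource", [])
        for a in ([acts] if isinstance(acts, str) else acts):
            if a == "*" or a.endswith(":*"):
                findings.append(f"{st.get('Sid', '?')}: wildcard action {a}")
        for r in ([res] if isinstance(res, str) else res):
            if r == "*" or r.endswith(":::*"):
                findings.append(f"{st.get('Sid', '?')}: wildcard resource {r}")
    return findings
```

Pass the origin your Picsellia instance is served from (a placeholder such as https://app.example.com in the checks below) rather than "*"; the generated policy dict can be dumped with json.dumps and pasted into the IAM "JSON" tab.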

7. Create a New IAM Role

  • In the IAM dashboard, select "Roles" from the left navigation pane, then select "Create Role".
  • Choose "AWS service" as the trusted entity type and select the service that will assume this role, such as EC2.
  • Search for the policy you just created and attach it.
  • Click "Next: Tags" (if you want to add tags) and then "Next".
  • Enter the role name and description, then click "Create Role."

8. Attach the Role to an AWS Service

Now you can attach this IAM role to the AWS user that requires delegated access to the S3 bucket.
From the AWS Management Console, click on "Services," then select "IAM" to open the Identity and Access Management console.

In the left navigation pane, click on "Users".
Select the IAM user for whom you want to create the access keys. If you haven't created an IAM user yet, you'll need to do that first.

9. Create New Access Keys

In the "User details" section, click on "Create access key".

10. View and Save Keys

A pop-up window will appear, displaying the Access Key ID and Secret Access Key.
Click "Download .csv file" to download a CSV file containing both keys. Make sure to store this file securely, as you will not be able to view the Secret Access Key again.

11. Conclusion

This guide outlines the process to create delegated read and write access to an AWS S3 bucket. Always remember to follow the principle of least privilege when configuring IAM roles and policies, ensuring that only necessary permissions are granted.

For more detailed information or to customize permissions further, refer to the official AWS IAM documentation.