Open the AWS Management Console, go to IAM > Policy, and click Create Policy.
Create a policy using the example IAM policy statements below, which grant the minimum permissions. Replace <your-bucket-name>
in the policy statement with the name of your bucket.
For S3 buckets in China regions, also make sure you use arn:aws-cn:s3:::
instead of arn:aws:s3:::
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "dth",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>/*",
                "arn:aws:s3:::<your-bucket-name>"
            ]
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "dth",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:PutObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListBucketMultipartUploads",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>/*",
                "arn:aws:s3:::<your-bucket-name>"
            ]
        }
    ]
}
Note that if you want to enable S3 Delete Event, you will need to add the "s3:DeleteObject" permission to the policy.
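An added example, not part of the original guide or the project's code: an offline check that a policy edited from the templates above still uses only the listed actions and points only at the intended bucket and partition. The function name check_policy, the bucket name my-bucket and the sample policy are assumptions constructed for illustration.

```python
import json

# Actions taken from the two policies on this page, grouped by the resource
# type S3 evaluates them against (bucket ARN vs. object ARN).
BUCKET_ACTIONS = {"s3:ListBucket", "s3:ListBucketMultipartUploads"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:PutObjectAcl",
                  "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
                  "s3:DeleteObject"}


def _as_list(value):
    """IAM allows a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)


def check_policy(policy_json, bucket, partition="aws"):
    """Return findings for a policy; an empty list means it matches the minimum."""
    bucket_arn = f"arn:{partition}:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    findings = []
    statements = json.loads(policy_json)["Statement"]
    for st in [statements] if isinstance(statements, dict) else statements:
        sid = st.get("Sid", "<no Sid>")
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"{sid}: NotAction/NotResource grants more than listed")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        for action in actions:
            if action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append(f"{sid}: action {action} is outside the minimum set")
        for res in resources:
            if res not in (bucket_arn, object_arn):
                findings.append(f"{sid}: resource {res} is outside {bucket_arn}")
        if BUCKET_ACTIONS & set(actions) and bucket_arn not in resources:
            findings.append(f"{sid}: bucket-level action without {bucket_arn}")
        if OBJECT_ACTIONS & set(actions) and object_arn not in resources:
            findings.append(f"{sid}: object-level action without {object_arn}")
    return findings


# Constructed sample: placeholder left in place and a wildcard action added.
SAMPLE = """{"Version": "2012-10-17", "Statement": [{"Sid": "dth",
  "Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
  "Resource": ["arn:aws:s3:::<your-bucket-name>/*", "arn:aws:s3:::my-bucket"]}]}"""

if __name__ == "__main__":
    for finding in check_policy(SAMPLE, "my-bucket"):
        print(finding)
```

Pass partition="aws-cn" for buckets in China regions. The comparison is exact-match, so an action written in different letter case is reported even though IAM would accept it.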
Open the AWS Management Console, go to IAM > User, click Add User, and follow the wizard to create the user with credentials.
- Specify a user name, for example dth-user. For Access Type, select Programmatic access only. Click Next: Permissions
- Select Attach existing policies directly, search for and select the policy created in Step 1, and click Next: Tags
- Add tags if needed, then click Next: Review
- Review the user details, and click Create User
- Make sure you have copied or saved the credentials, and then click Close