In the past few weeks, we at Firmhouse are starting to make all our apps 12factor compliant. One thing that we needed to tackle was where to store our user uploads.
We decided that the best place is Amazon S3, because the disk space is extremely cheap, and they are very reliable.
The downside of this is that we have to set up an S3 bucket for all our apps, and one thing we learned, S3 is awesome, but the policies are awful!
In this article, I want to show you how you can quickly setup an S3 bucket with a proper IAM user and policy!
1. Create IAM User
- Log in to your Amazon AWS console and go to IAM.
- Click "Users"
- Click "Create new Users"
- Fill in the name of the account and make sure the "Generate an access key" checkbox remains checked
- Click "Download Credentials"
2. Create your S3 bucket
- Go to S3
- Click "Create bucket"
- Give the bucket a name, a good naming scheme can be
appname-environment, for example
- Select region closest to your audience
- Click create
3. Generate the Bucket policy
Since creating the policies is the biggest problem in this endeavour, I created a simple app for you to generate your policies: s3bucketpolicy.com.
For this, you need to have the Users ARN, which you can find by going to the IAM user, it's on the given user overview page.
- Fill in the Users ARN
- Fill in the bucket name (Of the bucket you created in step 2)
- Click "Generate my policy"
- Copy the generated policy
4. Add the policy to your bucket
- Go to S3
- Click on your bucket
- Click on "Properties" (In the top right)
- Click on "Permissions"
- Click on "Edit bucket policy"
- Paste the policy we generated in step 3 and click "Save"
You've just created an S3 bucket with a secure policy! It can be that simple.