Using AWS CLI to Create Users, Groups and S3 Buckets

Deshone Henry
Feb 6, 2022

By the end of this lesson you will be able to create a new user and add that user to a group that has permission to create S3 buckets, all through the AWS CLI. This is for people who like to get their hands dirty with the command line and feel super techie and cool. So grab your cup of coffee and let's go!

The prerequisites to complete this project:

  1. AWS Root account
  2. Terminal with AWS CLI

These are the steps we are going to take to complete this lesson:

  1. Create an AWS user and access key
  2. Create login profile
  3. Create our “Admin” group and attach S3 policy
  4. Add User to “S3admin” group
  5. Create S3 Bucket

First things first: head over to your terminal, where we are going to create our user and access key. Create the user with this command:

aws iam create-user --user-name USERNAME
Give the user a name

Next, create the user's access key. This will allow the user to make programmatic requests to AWS.

aws iam create-access-key --user-name USERNAME
Access key for our user

NOTE: Be sure to copy and store the secret access key, because once it's lost you cannot retrieve it and will have to create a new access key.

To view your created user, use the command:

aws iam list-users

User Name: It is a friendly user name that we specify while creating the IAM user

User ID: It is a unique id of each IAM user

ARN: It is the Amazon resource name to identify the user

Create Date: It is the user creation date in date-time format

Tip: When typing your command you can hit Tab twice to auto complete or bring up different options for the command.

Let's create the login profile for the user so they can access the AWS Console. To do that, use the command below:

aws iam create-login-profile --user-name testuser1 --password USERPASSWORD --no-password-reset-required

For best security practice you want to have the user reset their password when logging in, but for this lesson we will set “no” for password reset.

(The account ID will be located in the AWS console user)

Now it's time to create a group that will be called “S3admin”:

aws iam create-group --group-name GROUPNAME

Then we're going to attach a policy to the group so anyone added to the group will have the privilege to run different commands that pertain to S3. To find the policy ARN (Amazon Resource Name), go to IAM in the AWS console:

Search for policies
Copy ARN Link

Attach the policies to the group:

aws iam attach-group-policy --group-name GROUPNAME --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess

Add one more policy to the group to give access to the AWS CLI through AWS CloudShell:

aws iam attach-group-policy --group-name S3admin --policy-arn arn:aws:iam::aws:policy/AWSCloudShellFullAccess

Now that the policies are attached, you can view the policies that were added to the group using the command:

aws iam list-attached-group-policies --group-name S3admin

It's time to add our user to the group:

aws iam add-user-to-group --user-name USERNAME --group-name GROUPNAME

Use the command below to view the user added to our group:

aws iam list-groups-for-user --user-name testuser

From here we are going to log into our “testuser” and go into the AWS CLI

The account ID will be located in the AWS console IAM User

AWS S3

AWS S3 is Simple Storage Service. This service is used to hold files called objects, and those objects are stored inside of directories called buckets, where you can hold anything from a static website to pictures, etc. With the S3 service you can create, delete, copy and move objects, buckets and more. OK, let's create some buckets.

One thing about buckets is that they need to have a unique name. So get creative when you create them.

To make a bucket use the command:

aws s3 mb s3://UNIQUEBUCKETNAME

Congrats! You’ve now learned how to create a user that was added to a special group that has privileges to create S3 buckets.
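
A least-privilege variant of the steps above as one script, added here as an example and not the author's own code: it swaps AmazonS3FullAccess for an inline policy, requires a password reset at first sign-in, and checks the bucket name before calling the CLI. The policy name S3CreateBuckets and its two actions, the function names, and the DRY_RUN and TEMP_PASSWORD variables are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own code. Prints the commands by default;
# run with DRY_RUN=0 and TEMP_PASSWORD set to execute them with the AWS CLI.
DRY_RUN=${DRY_RUN:-1}

# Assumed inline policy: only the S3 actions this lesson uses
# (s3:CreateBucket for "aws s3 mb", s3:ListAllMyBuckets for "aws s3 ls").
POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:CreateBucket","s3:ListAllMyBuckets"],"Resource":"*"}]}'

run() {  # print the command in dry-run mode, otherwise execute it
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Core S3 naming rules: 3-63 characters; lowercase letters, digits, dots and
# hyphens; starts and ends with a letter or digit; no adjacent dots.
valid_bucket_name() {
  case $1 in *..*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'
}

provision() {  # usage: provision USERNAME GROUPNAME
  user=$1 group=$2
  pw='<temporary-password>'  # placeholder so dry-run output never shows a secret
  [ "$DRY_RUN" = 1 ] || pw=${TEMP_PASSWORD:?set TEMP_PASSWORD in the environment}
  run aws iam create-group --group-name "$group"
  run aws iam put-group-policy --group-name "$group" \
    --policy-name S3CreateBuckets --policy-document "$POLICY"
  # CloudShell access as in the post; IAMUserChangePassword lets the user
  # complete the forced password reset.
  for arn in AWSCloudShellFullAccess IAMUserChangePassword; do
    run aws iam attach-group-policy --group-name "$group" \
      --policy-arn "arn:aws:iam::aws:policy/$arn"
  done
  run aws iam create-user --user-name "$user"
  run aws iam create-login-profile --user-name "$user" \
    --password "$pw" --password-reset-required
  run aws iam add-user-to-group --user-name "$user" --group-name "$group"
}

make_bucket() {  # refuse names S3 would reject before calling the CLI
  valid_bucket_name "$1" || { echo "invalid bucket name: $1" >&2; return 1; }
  run aws s3 mb "s3://$1"
}

if [ "$#" -eq 2 ]; then provision "$1" "$2"; fi
```

Bucket names must be lowercase, so a literal name like UNIQUEBUCKETNAME is rejected by the check before the request is made.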
