1. Log in to your AWS Management Console

2. Within Services, select Security, Identity & Compliance and choose Identity and Access Management (IAM)

3. Once within IAM, navigate to Users (we recommend individual user access keys rather than root access keys, as users can be disabled/updated without affecting global account access)

4. Create a new user or manage an existing one (in this topic we will add a user): select Add User

5. Provide a valid Username, check the Programmatic access box and select Next: Permissions to continue.

6. Modify your permissions: assign the user an appropriate Access Policy (in this example we have chosen the built-in S3 policy AmazonS3FullAccess; CREATE BUCKET, PUT, GET, LIST, DELETE Bucket/Object permissions are required) and select Next: Review to continue.

7. Review and Create user

8. Once the user has been created successfully, save your user security credentials (Access key ID and Secret access key) in a safe place: select Download .csv, or Show to make them visible, and click Close once complete.

Advanced IAM User Policies


Should you want to limit an IAM User's policy to only the S3 permissions required for the functionality of our Filespace (CREATE BUCKET, PUT, GET, LIST, DELETE Bucket/Object), please refer to the JSON policy templates below.


The 1st policy allows a specific IAM User to access only a specific pre-allocated bucket. This bucket must already exist and can be specified during Filespace creation by selecting "I will provide my own bucket name". The 2nd policy provides an IAM User with the necessary permissions to create a bucket, should they be responsible for an account which requires multiple Filespaces: the LucidLink portal automatically creates a bucket based on the Filespace name and a globally unique identifier if no bucket is provided.


1. Specific IAM User to Bucket Policy


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket-name>/*",
                "arn:aws:s3:::<bucket-name>"
            ]
        }
    ]
}


2. IAM User with Create Bucket included in Policy


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:CreateBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "*",
                "arn:aws:s3:::*/*"
            ]
        }
    ]
}



Create policy steps


1. During step 2 of IAM User creation, within Set Permissions, select Create policy

2. Select JSON in the Create policy wizard and copy/paste the appropriate policy into the text editor. If you chose the specific bucket policy, make sure you replace <bucket-name> with your actual bucket name. Once complete, select Review policy to continue.



3. Name your policy. Review your policy details, ensuring everything is correct, and select Create policy.


4. Refresh your policy filter in step 2 (Set permissions) of IAM User creation and select your newly created policy.
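
As an added example (not LucidLink's or AWS's own code), this Python sketch builds the bucket-specific policy from a real bucket name and lists every grant a policy makes on a wildcard resource, which shows how much wider the create-bucket template is. The function names and the bucket-name check are assumptions of this example, and it inspects only the Action and Resource fields of Allow statements.

```python
import re

# Actions copied from the two policy templates on this page.
ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"]

# Basic S3 bucket-name shape: 3-63 chars of lowercase letters, digits, dots and
# hyphens, starting and ending with a letter or digit.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

def scoped_policy(bucket):
    """Build the bucket-specific policy (template 1) for one real bucket name."""
    # Rejects "*" and an unreplaced "<bucket-name>" placeholder alike.
    if not BUCKET_RE.fullmatch(bucket):
        raise ValueError(f"not a usable bucket name: {bucket!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(ACTIONS),
            "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
        }],
    }

def _as_list(value):
    # IAM allows a single string where a list is expected.
    return [value] if isinstance(value, str) else list(value)

def wildcard_grants(policy):
    """Return (action, resource) pairs that an Allow statement grants on a
    resource whose bucket part contains a wildcard."""
    findings = []
    statements = policy["Statement"]
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            # "arn:aws:s3:::bucket/key" -> "bucket"; a bare "*" stays "*".
            bucket = resource.split(":::", 1)[-1].split("/", 1)[0]
            if "*" in bucket or "?" in bucket:
                findings += [(a, resource) for a in _as_list(stmt.get("Action", []))]
    return findings

# Same actions and resources as template 2 on this page.
CREATE_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTIONS + ["s3:CreateBucket"],
    "Resource": ["*", "arn:aws:s3:::*/*"]}]}

if __name__ == "__main__":
    # "example-filespace-bucket" is a constructed name for illustration.
    print(wildcard_grants(scoped_policy("example-filespace-bucket")))
    print(wildcard_grants(CREATE_BUCKET_POLICY))
```

An empty result for the bucket-specific policy confirms the user is confined to the named bucket; every pair reported for the create-bucket policy is an action the user can perform on any bucket in the account.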