How to Create a New User and S3 Bucket on AWS

Learning AWS fundamentals for Level Up in Tech

Daniel Rothamel
7 min read · Jul 13, 2021
Let’s talk about buckets…

I’m back with another project for Level Up in Tech on my journey to becoming a DevOps engineer, and this time, we’re working on one of the fundamental aspects of Amazon Web Services (AWS) — creating users and giving them permissions.

If you’re going to be using AWS, you’re going to need to know how to create users and give them the permissions that you want, so that you can properly manage activity in the AWS account.

The steps for this project are pretty simple:

  1. Create a user called, “test-user”
  2. Add an “S3 Full-Access” policy to test-user
  3. Create a custom password for test-user
  4. Log into the AWS console as test-user
  5. Create an S3 bucket with a unique name
  6. Confirm creation of the bucket under test-user

Since this is straightforward, let’s dive right in…

1. Create a user called, “test-user”

When you first create an AWS account, you do so as what’s called the “root user.” That means that when you log into your AWS account using the email address that you used to set up the account, you are logging in as the root user. The root user is like a “super administrator”: it has full and total access to everything in the AWS account.

As a best practice, Amazon suggests that you should at least create another user with regular administrator privileges, and use that user for everyday work in the account. That way you lessen the chance of accidentally doing something you didn’t want to do, and thereby messing up the whole account.

Obviously, if there are going to be multiple users on an account, you want to create accounts for each user, and set their permissions according to the level of access that you want each user to have. AWS has tons of permission policies for AWS accounts that you can choose from, which we’ll see in just a moment.

For the purpose of this project, we’re going to create a user called, “test-user,” and only give that user access to create and manage the S3 service in our AWS account.

In order to do that, we first need to log into the AWS console as the root user.

Once we are in the console, we need to click on IAM (Identity and Access Management).

Click on IAM under “Security, Identity, & Compliance”

Once inside IAM, click on “Users” on the left-hand menu, and then the “Add user” button at the top of the screen.

You’ll notice in my screenshot that I already have one user, the one that I created as an administrator (remember what I said about AWS best practices?)

After clicking “Add user,” you’ll see this screen…

From this screen, we’ll assign the name “test-user” to the user, as per our project instructions.

Then, we need to check the box granting programmatic access, which generates an access key ID and secret access key for use with the AWS API, CLI, and SDKs, and we need to check the box that gives them access to the AWS Management Console.

After that, we type in the password for test-user, and then uncheck the box requiring a password reset, unless you really want to have to reset the password after initial log in.

Now, click “Next: Permissions” and we’ll set the permissions for this user…

2. Add an “S3 Full-Access” policy to test-user

The next page is where we can attach the “S3 Full-Access” policy to our user.

AWS makes it easy to find and assign policies

We first click on the big button to “Attach existing policies directly” to our user. This gives us access to all of AWS’s predefined policies.

Now, just search for “S3” to bring up all of the policies that relate to the S3 service.

Once we have the options, we select “AmazonS3FullAccess” as per the instructions for our project.

After doing that, we can click next, skip the tagging, and review our user:

This looks exactly how we want it!

In reviewing our user, we have the correct name, and we have the correct permissions, so now we just click “Create user.”
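AmazonS3FullAccess covers every S3 action on every bucket in the account, not just the bucket this project creates. The following is an added example, not part of the original walkthrough or AWS's own code: it compares a simplified stand-in for that managed policy with a hypothetical bucket-scoped policy, using a deliberately reduced evaluator (no Condition, NotAction or NotResource handling). The bucket ARNs, the `SCOPED` policy and all function names are assumptions made for illustration.

```python
import fnmatch

BUCKET = "alleniverson"  # the bucket created later in this walkthrough

# Constructed, simplified stand-in for the managed AmazonS3FullAccess policy.
FULL_ACCESS = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}

# Hypothetical alternative scoped to one bucket. Some console screens may
# need further actions; adjust to what the user really has to do.
SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:ListBucket"],
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]}

# Constructed requests the walkthrough never needs: they hit another bucket.
OUT_OF_SCOPE = [
    ("s3:DeleteBucket", "arn:aws:s3:::some-other-bucket"),
    ("s3:PutBucketPolicy", "arn:aws:s3:::some-other-bucket"),
    ("s3:GetObject", "arn:aws:s3:::some-other-bucket/report.csv"),
]

def _matches(patterns, value, fold=False):
    # IAM wildcards (* and ?) act like globs; action names ignore case.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in patterns)

def allows(policy, action, resource):
    """Simplified identity-policy check: an explicit Deny wins, otherwise
    any matching Allow grants the request."""
    allowed = False
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], action, fold=True)
                and _matches(stmt["Resource"], resource)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def excess_grants(policy):
    # Out-of-scope requests that the policy would still allow.
    return [req for req in OUT_OF_SCOPE if allows(policy, *req)]
```

`excess_grants(FULL_ACCESS)` returns all three out-of-scope requests, while `excess_grants(SCOPED)` returns an empty list.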

The next page will give us our confirmation of the newly created user:

This page is important! Pay attention!

From this page, we want to click on the “Download .csv” option so that we can download and store the security credentials for this user.

NOTE: We won’t need the security credentials for the creation of an S3 bucket, but you should still ALWAYS download and store these security credentials, because you might need them, and the secret access key cannot be viewed again once you leave this page.

After we have downloaded the security credentials, we can click on the link in blue to sign-in as our test-user.

This link is unique to your AWS account

4. Log into the AWS console as test-user

If you’re paying very close attention, you’ll notice I skipped number 3 on our list of instructions. :-)

Well, not really. The creation of the custom password was covered before we assigned the policy, so we’ve still got all of our steps covered.

Now, it’s time to log into the AWS console as our new test-user. After clicking on the link above, we see a screen like this:

This is what the console log in screen looks like for users

Obviously, this screen will have info on it that pertains to your particular AWS account. All you have to do is enter the name “test-user” and use the custom password that you set up, then click “Sign in.”

If you did everything correctly, you’ll be taken to the familiar AWS Management Console page.

5. Create an S3 bucket with a unique name

Now it’s time to create our S3 bucket. To do that, first click on “All Services” to bring up the menu of all of the AWS services:

Next, scroll down until you find “Storage,” and select “S3.”

This is the storage you are looking for

From there you’re looking for this button:

This button does what it says

Click on it to create a new bucket. That will take us to the bucket creation screen.

On this screen, we can choose the unique name for our bucket. AWS has a few naming conventions for S3 buckets. One of them is that every bucket has to have a unique name for the entire AWS S3 network of buckets. Another is that bucket names can only be lowercase.

So, let’s name our bucket:

D’oh! I forgot to only use lowercase. Had to change to “alleniverson”

As you can see when I took this screenshot, I named my bucket with an uppercase “A” and “I.” While I think Allen Iverson would appreciate this, AWS did not, and it made me rename my bucket “alleniverson.”

And if you’re wondering about the name, it’s because Allen Iverson was known for his ability to get buckets. :-)
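The console rejected “AllenIverson” because of the lowercase rule. As an added example (not from the original post), this checker applies that rule along with several other general-purpose bucket naming rules from the S3 documentation, so it goes beyond the two conventions mentioned above. The function name and sample names are assumptions, and it checks syntax only: global uniqueness can only be decided by S3 when the bucket is created.

```python
import ipaddress
import re

def bucket_name_problems(name):
    """Return the naming-rule violations for a general-purpose bucket name."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if name != name.lower():
        problems.append("uppercase letters are not allowed")
    if re.search(r"[^A-Za-z0-9.-]", name):
        problems.append("only letters, digits, dots and hyphens are allowed")
    if name and not (re.match(r"[A-Za-z0-9]", name[0])
                     and re.match(r"[A-Za-z0-9]", name[-1])):
        problems.append("must begin and end with a letter or digit")
    if ".." in name:
        problems.append("adjacent dots are not allowed")
    try:
        ipaddress.IPv4Address(name)
        problems.append("must not be formatted as an IP address")
    except ValueError:
        pass  # not an IPv4 address, which is what we want
    if name.startswith("xn--") or name.endswith("-s3alias"):
        problems.append("reserved prefix or suffix")
    return problems

if __name__ == "__main__":
    # Constructed sample names, including the one from the screenshot.
    for candidate in ("AllenIverson", "alleniverson", "192.168.5.4",
                      "my..bucket", "-bucket", "my_bucket", "ab"):
        issues = bucket_name_problems(candidate)
        print(f"{candidate!r}: {'ok' if not issues else '; '.join(issues)}")
```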

After we enter the name for our bucket, we’re going to leave all the other settings as they are, and create the bucket.

6. Confirm creation of the bucket under test-user

After we create the bucket, we are taken back to the S3 screen where we can see that our bucket has, indeed, been created.

Wrap-Up

That completes all of the steps for this project; and if you’ve been following along, you now know how to create a user in your AWS account, assign specific permissions to that user, and use those permissions to do something like create an S3 bucket.

This is a fundamental aspect of AWS and the management of an AWS account, and I’m glad I got to learn it for Level Up in Tech.

It’s always good to get hands-on practice, even if Allen Iverson himself might not agree
