Create an AWS S3 Bucket with the AWS CLI

Updated: Oct 10

Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, web-based cloud storage service. The service is designed for online backup and archiving of data and applications on Amazon Web Services (AWS). Amazon S3 was designed with a minimal feature set and created to make web-scale computing easier for developers.


What is an AWS S3 bucket?

A bucket is a container for objects stored in Amazon S3. We can store any number of objects in a bucket and can have up to 100 buckets in our account.


Buckets also:

  • Organize the Amazon S3 namespace at the highest level.

  • Identify the account responsible for storage and data transfer charges.

  • Provide access control options, such as bucket policies, access control lists (ACLs), and S3 Access Points, that you can use to manage access to your Amazon S3 resources.

  • Serve as the unit of aggregation for usage reporting.



How to create an AWS S3 bucket with the CLI

  • Create a test bucket: aws s3 mb s3://chaos-blog-test-bucket

  • List the objects in the bucket: aws s3 ls s3://chaos-blog-test-bucket


How to create an AWS S3 policy with the CLI

  • Create a role with no permissions:

aws iam create-role --role-name WriteToBucket_Role --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

  • Create a policy that can write into that bucket, and attach it to the role we just created. Note that "Action":"s3:*" allows every S3 action on the bucket, not only writes:

aws iam put-role-policy --role-name WriteToBucket_Role --policy-name WriteToBucket_policy --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::chaos-blog-test-bucket","arn:aws:s3:::chaos-blog-test-bucket/*"]}]}'
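
A narrower alternative to the inline policy above, as an added example that is not part of the original post: it emits a policy limited to the two operations this walkthrough performs and checks a policy document for full-wildcard actions. The function names are hypothetical; the role, policy and bucket names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the role, policy and bucket names are the ones used on this page.

# Emit a policy limited to what the walkthrough does:
#   aws s3 ls -> s3:ListBucket on the bucket ARN
#   aws s3 cp -> s3:PutObject  on the object ARNs (bucket/*)
scoped_write_policy() {
  bucket="$1"
  cat <<EOF
{"Version":"2012-10-17","Statement":[
  {"Sid":"ListBucket","Effect":"Allow","Action":"s3:ListBucket",
   "Resource":"arn:aws:s3:::${bucket}"},
  {"Sid":"WriteObjects","Effect":"Allow","Action":"s3:PutObject",
   "Resource":"arn:aws:s3:::${bucket}/*"}
]}
EOF
}

# Succeed (exit 0) when a policy document has a full wildcard action such as
# "*" or "s3:*". Partial wildcards like "s3:Put*" are not flagged.
has_wildcard_action() {
  printf '%s' "$1" | tr -d ' \n\t' |
    grep -Eq '"Action":(\[[^]]*)?"([A-Za-z0-9-]+:)?\*"'
}

# Overwrite the inline policy on the role (put-role-policy replaces a policy
# of the same name). Needs AWS credentials, so it is defined but not called here.
apply_scoped_policy() {
  aws iam put-role-policy --role-name WriteToBucket_Role \
    --policy-name WriteToBucket_policy \
    --policy-document "$(scoped_write_policy "$1")"
}

# Fetch the inline policy currently on the role and report whether it is
# still wildcarded.
audit_role_policy() {
  doc="$(aws iam get-role-policy --role-name WriteToBucket_Role \
    --policy-name WriteToBucket_policy --query PolicyDocument --output json)"
  if has_wildcard_action "$doc"; then echo "wildcard action present"; return 1; fi
  echo "no wildcard action"
}

# Usage on a machine with IAM permissions:
#   apply_scoped_policy chaos-blog-test-bucket && audit_role_policy
```

With the scoped policy in place, the upload and listing steps later on this page still work, while reads, deletes and bucket configuration changes from the instance are denied.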


How to add AWS S3 access to an Instance

  • Create an instance profile for us to attach to an instance:

aws iam create-instance-profile --instance-profile-name WriteToBucket_profile

  • Attach the role to the profile:

aws iam add-role-to-instance-profile --instance-profile-name WriteToBucket_profile --role-name WriteToBucket_Role

  • Attach the profile to our running instance. We need to know the instance ID of the instance we are adding the IAM profile to:

aws ec2 associate-iam-instance-profile --instance-id YOUR_INSTANCE_ID --iam-instance-profile Name="WriteToBucket_profile"

  • Go check out our AWS console, and we can see the IAM policy is now associated.



How to use AWS S3 on AWS instance?

  • SSH to our instance.

  • Create an empty file: touch x

  • Copy the new empty file to the bucket: aws s3 cp x s3://chaos-blog-test-bucket

  • We should now be able to see the file in the bucket: aws s3 ls s3://chaos-blog-test-bucket

  • If the copy fails, double-check the IAM permissions, and that the instance has the IAM role attached in the AWS console.


