Create an AWS S3 Bucket with the AWS CLI

Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, web-based cloud storage service. The service is designed for online backup and archiving of data and applications on Amazon Web Services (AWS). Amazon S3 was designed with a minimal feature set and created to make web-scale computing easier for developers.

What is an AWS S3 bucket?

A bucket is a container for objects stored in Amazon S3. We can store any number of objects in a bucket and can have up to 100 buckets in our account.

Buckets also:

  • Organize the Amazon S3 namespace at the highest level.
  • Identify the account responsible for storage and data transfer charges.
  • Provide access control options, such as bucket policies, access control lists (ACLs), and S3 Access Points, that you can use to manage access to your Amazon S3 resources.
  • Serve as the unit of aggregation for usage reporting.

How to create an AWS S3 bucket with the CLI

  • Create a test bucket: aws s3 mb s3://chaos-blog-test-bucket
  • List the objects in the bucket: aws s3 ls s3://chaos-blog-test-bucket

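How to create an AWS S3 policy with the CLI

  • Create a role with no permissions. The trust policy names the EC2 service as the principal, because the role is attached to an EC2 instance in the steps that follow:

aws iam create-role --role-name WriteToBucket_Role --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'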

  • Create a policy that can write into that bucket, and attach it to the role we just created:

aws iam put-role-policy --role-name WriteToBucket_Role --policy-name WriteToBucket_policy --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::chaos-blog-test-bucket","arn:aws:s3:::chaos-blog-test-bucket/*"]}]}'
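The policy above grants s3:* on the bucket, which covers far more than the upload and listing this walkthrough performs, including deleting objects and changing bucket configuration. The following Python check is an added example, not part of the original post: it audits the page's policy document for that over-grant and builds a scoped replacement. The function names audit_policy and scoped_write_policy are hypothetical, and the minimal action set (s3:PutObject for aws s3 cp, s3:ListBucket for aws s3 ls) is an assumption based on the two commands the page runs.

```python
import json

# Policy document from the page's put-role-policy step.
PAGE_POLICY = json.loads("""{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":"s3:*","Resource":["arn:aws:s3:::chaos-blog-test-bucket",
 "arn:aws:s3:::chaos-blog-test-bucket/*"]}]}""")

# Assumed minimal action sets for the page's two commands.
BUCKET_ACTIONS = {"s3:ListBucket"}   # aws s3 ls          -> bucket ARN
OBJECT_ACTIONS = {"s3:PutObject"}    # aws s3 cp (upload) -> bucket/* ARN


def _listify(value):
    # IAM allows a single string/object where a list is also accepted.
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy):
    """Return findings for Allow statements broader than upload + list."""
    findings = []
    for idx, stmt in enumerate(_listify(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _listify(stmt.get("Resource", []))
        for action in _listify(stmt.get("Action", [])):
            if "*" in action:
                findings.append((idx, action, "wildcard action"))
            elif action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append((idx, action, "not needed for upload/list"))
            elif action in OBJECT_ACTIONS and not all("/" in r for r in resources):
                findings.append((idx, action, "object action on bucket ARN"))
            elif action in BUCKET_ACTIONS and any("/" in r for r in resources):
                findings.append((idx, action, "bucket action on object ARN"))
        if any(r == "*" or r.endswith(":::*") for r in resources):
            findings.append((idx, "Resource", "wildcard resource"))
    return findings


def scoped_write_policy(bucket):
    """Build a policy that allows only listing the bucket and uploading objects."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn},
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{arn}/*"},
    ]}


if __name__ == "__main__":
    print(audit_policy(PAGE_POLICY))
    print(json.dumps(scoped_write_policy("chaos-blog-test-bucket")))
```

The scoped document can be saved to a file and passed to put-role-policy with --policy-document file://policy.json in place of the inline s3:* document.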

How to add AWS S3 access to an instance

  • Create an instance profile for us to attach to an instance:

aws iam create-instance-profile --instance-profile-name WriteToBucket_profile

  • Attach the role to the profile:

aws iam add-role-to-instance-profile --instance-profile-name WriteToBucket_profile --role-name WriteToBucket_Role

  • Attach the profile to our running instance. For this we need the instance ID of the instance we are adding the IAM profile to:

aws ec2 associate-iam-instance-profile --instance-id YOUR_INSTANCE_ID --iam-instance-profile Name="WriteToBucket_profile"

  • Check the AWS console, where we can see that the IAM policy is now associated.

How to use AWS S3 on an AWS instance?

  • SSH to our instance
  • Create an empty file: touch x
  • Copy the new empty file to the bucket: aws s3 cp x s3://chaos-blog-test-bucket
  • We should now be able to see the file in the bucket: aws s3 ls s3://chaos-blog-test-bucket
  • If the copy fails, double-check the IAM permissions, and that the instance has the IAM role attached in the AWS console.