Learning Objectives:
1. Learn to create an IAM user and configure AWS CloudShell for the user.
2. Test AWS CloudShell commands.
Step 1: Create a user and name it New-S3-User. To do this, follow Step 2 to Step 7 from this blog.
Step 2: In the top right corner, you can see the symbol for CloudShell. Click on it.
After clicking on it, a window will show up.
Look carefully at the error message in the red box. It appears because the newly created IAM user, “New-S3-User”, has not been given permission to use CloudShell.
To grant the permission, sign out, log back in as the admin user, and set the permissions to access CloudShell.
Step 3: Go to the IAM service in the AWS console, then go to Users.
Click on New-S3-User.
Scroll down to Permissions Policies and click on Add permissions.
Step 4: In Add permissions, click the Attach policies directly button.
Scroll down to Permissions policies, search for CloudShell in the search bar, select the AWSCloudShellFullAccess checkbox, and then click Next.
Click on Add permissions.
You can see the permission is added for CloudShell.
Now sign out again, log back in as “New-S3-User”, and click on CloudShell.
Now there is no error message, which means the permission was added successfully.
Step 5: Type in the command: aws configure
Copy the Access key ID from the .csv file and paste it at the AWS Access Key ID prompt.
Similarly, copy the Secret access key and paste it at the AWS Secret Access Key prompt.
Give the Default region name that we stored in Step 8, ap-south-1 in this case.
Give Default output format as json.
Step 6: This step tests whether the user can access S3 services through AWS CloudShell commands.
To create a bucket, enter the following command:
aws s3 mb s3://mybucket753159
Here mybucket753159 is a random name chosen for your bucket.
You may have to try this command again with a different name if your chosen bucket name is already being used by some other AWS user.
If you see make_bucket: (name of your bucket) as output, your bucket has been successfully created for this particular S3 user using the access and policies you chose for the user.
Step 7: Go to S3 services from the AWS console and click on Buckets to check that the bucket has been created.
Note: Delete the S3 bucket and the IAM user if you no longer need to use them.
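The cleanup in the Note above, done from the CLI, as an added example that is not part of the original page: IAM refuses to delete a user that still has access keys, attached policies or a console password, so those are removed first, and the script refuses to run under the credentials of the user being deleted. The function names are hypothetical; it assumes an administrator session and a user with no inline policies or group memberships.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): cleanup for the tutorial's
# resources. Function names are hypothetical. Run as an administrator.

# Refuse to run when the active credentials belong to the user being removed.
assert_not_self() {
  local user="$1" arn
  arn="$(aws sts get-caller-identity --query Arn --output text)" || return 1
  case "$arn" in
    */"$user") echo "refusing: running as $user ($arn)" >&2; return 1 ;;
  esac
}

# Delete the test bucket, including any objects left in it.
delete_bucket() {
  aws s3 rb "s3://$1" --force
}

# Remove access keys, managed policies and console password, then the user.
delete_iam_user() {
  local user="$1" key arn
  assert_not_self "$user" || return 1
  for key in $(aws iam list-access-keys --user-name "$user" \
      --query 'AccessKeyMetadata[].AccessKeyId' --output text); do
    aws iam delete-access-key --user-name "$user" --access-key-id "$key" || return 1
  done
  for arn in $(aws iam list-attached-user-policies --user-name "$user" \
      --query 'AttachedPolicies[].PolicyArn' --output text); do
    aws iam detach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
  done
  # Console password; ignore the error if the user never had one.
  aws iam delete-login-profile --user-name "$user" 2>/dev/null || true
  # Fails without deleting anything if inline policies or group memberships remain.
  aws iam delete-user --user-name "$user"
}

# Usage, with the names used on this page:
#   delete_bucket mybucket753159
#   delete_iam_user New-S3-User
```

Deleting the access key also invalidates the copy stored by aws configure in Step 5 and the one in the downloaded .csv file.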