Data Communication with AWS: Part 3 - App Dev Series 9
Objective: setting the policies for S3.
Setting up the connection to AWS is kind of a big deal, and in this article we will set the policies so that the code in our AWSManager can connect to AWS S3.
Continuing from the last article.
Policy for unauthenticated user
First, we need to set the permissions so that unauthenticated users can access the S3 bucket freely. Go to the IAM (Identity and Access Management) page from the AWS console, click Roles in the side menu, then select the role whose name contains “Unauth_Role”.
On the Summary page of that role, select Attach policies > Create policy.
Then give the settings as following:
- Service: S3
- Actions: All actions
- Resources: All resources
Click Next, skip the Tags step and go to Review policy. Give the policy a name and create it.
Back on the Role Summary page, click Attach policies and select the policy we just created.
Now we can move on to setting the permissions on the S3 side.
S3 permission
Go to the S3 page, select our bucket, then select Permissions from the top menu.
On the Permissions page there is a Bucket policy section. Click Edit, then click Policy generator.
On this page you need to paste the ARN (Amazon Resource Name) of the unauthenticated role. Go back to the IAM page to copy the ARN; it is shown when you select the role from the Roles menu.
Copy the ARN for later use.
Back in the Policy generator for the S3 bucket, set the Policy Type to S3 Bucket Policy.
Leave Effect at its default, Allow, and paste the ARN of the unauthenticated role into Principal.
Keep AWS Service at its default, and select All Actions under Actions.
In the ARN field we need to enter the bucket's ARN in the required format. Enter it like this:
“arn:aws:s3:::{bucket name}/*”
Now select Add Statement, and the resulting statement should appear below.
Then click the Generate Policy button; a window containing the policy in JSON format should pop up.
Copy that code and paste it back into the Edit bucket policy page.
Save the policy, and we have now granted the permissions for S3.
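To make the two policies from this article concrete, here is an added Python example (not code from the article, and not generated by the AWS console) that builds the same documents the IAM console and the S3 Policy generator produce: the identity policy attached to the unauthenticated role (S3, all actions, all resources) and the bucket policy that names the role's ARN as Principal with the arn:aws:s3:::{bucket name}/* resource. It also builds a scoped variant that only allows GetObject and PutObject under one key prefix, and a small review function that flags wildcard actions or resources so you can check what an unauthenticated principal is being granted before you save. The account id, role name, bucket name and prefix are constructed placeholders, not values from the article.

```python
import json

# Constructed placeholders; replace with the values from your own account.
ACCOUNT_ID = "123456789012"            # assumption: placeholder AWS account id
UNAUTH_ROLE = "Cognito_AppUnauth_Role"  # assumption: placeholder unauthenticated role name
BUCKET = "my-app-bucket"                # assumption: placeholder bucket name


def role_arn(account_id: str, role_name: str) -> str:
    """Build the role ARN that the article tells you to copy from the IAM console."""
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def identity_policy() -> dict:
    """The IAM policy the article attaches to the unauthenticated role:
    Service S3, Actions 'All actions', Resources 'All resources'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    }


def bucket_policy(principal_arn: str, actions, resources) -> dict:
    """Bucket policy in the shape the S3 Policy generator emits:
    one Allow statement with the role ARN as Principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "UnauthRoleAccess",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": actions,
            "Resource": resources,
        }],
    }


def article_bucket_policy(bucket: str, principal_arn: str) -> dict:
    """What the article's steps generate: All Actions on arn:aws:s3:::{bucket}/*."""
    return bucket_policy(principal_arn, "s3:*", f"arn:aws:s3:::{bucket}/*")


def scoped_bucket_policy(bucket: str, principal_arn: str, prefix: str = "uploads/") -> dict:
    """Least-privilege variant (added here, not in the article): only read and
    write objects under a single prefix, nothing bucket-wide."""
    return bucket_policy(
        principal_arn,
        ["s3:GetObject", "s3:PutObject"],
        f"arn:aws:s3:::{bucket}/{prefix}*",
    )


def wildcard_findings(policy: dict) -> list:
    """Return (Sid, field, value) for each Allow statement whose Action or
    Resource is a service-wide or global wildcard ('*' or anything ending in ':*').
    An object-level wildcard such as arn:aws:s3:::bucket/* is not reported."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for field in ("Action", "Resource"):
            values = stmt.get(field, [])
            if isinstance(values, str):
                values = [values]
            for value in values:
                if value == "*" or value.endswith(":*"):
                    findings.append((sid, field, value))
    return findings


if __name__ == "__main__":
    arn = role_arn(ACCOUNT_ID, UNAUTH_ROLE)
    for name, policy in (
        ("identity policy (article)", identity_policy()),
        ("bucket policy (article)", article_bucket_policy(BUCKET, arn)),
        ("bucket policy (scoped)", scoped_bucket_policy(BUCKET, arn)),
    ):
        print(f"--- {name} ---")
        print(json.dumps(policy, indent=2))
        print("wildcard findings:", wildcard_findings(policy))
```

Running the script prints the three JSON documents; the first two are what you would paste into the console, and the review function reports "s3:*" and "*" for them while the scoped variant comes back clean. If the app only ever uploads and reads objects under one prefix, the scoped policy is the one to paste into the Edit bucket policy page instead.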