Add S3 bucket using awscli (example)
Here’s a simple step-by-step guide on how to create an S3 bucket with an attached CloudFront distribution and a user with write access. This is typically what you want if you need quick hosting for static files for your website.
This is written as a counterpart to the Terraform guide, which does the same thing using different tools.
If you haven’t already, set up awscli (using Python and pip):
pip install awscli
aws configure
Here you have to provide your access key and secret key, which can be found in the AWS console.
- Create bucket
aws s3api create-bucket --bucket my-cool-bucket --acl public-read --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1
- Get public read policy for bucket
curl https://raw.githubusercontent.com/tomfa/aws-policies/master/s3-bucket-public-read.json > s3-template.json
- Replace [[YOUR-BUCKET-NAME]] with the name of your bucket
sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' s3-template.json > s3.json
- Apply the bucket policy
aws s3api put-bucket-policy --bucket my-cool-bucket --policy file://s3.json
- Enable CloudFront cli (it’s in beta)
aws configure set preview.cloudfront true
- Download this cloudfront config file and save as cf-template.json
curl https://raw.githubusercontent.com/tomfa/aws-policies/master/cloudfront-static-webfiles.json > cf-template.json
- Replace [[YOUR-BUCKET-NAME]] with.. yeah, your bucket name
sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' cf-template.json > cf.json
- Spin up the CloudFront
aws cloudfront create-distribution --distribution-config file://cf.json
- Get user policy (for write access to your bucket)
curl https://raw.githubusercontent.com/tomfa/aws-policies/master/iam-bucket-write.json > iam-template.json
- Again, replace [[YOUR-BUCKET-NAME]] with your actual bucket name.
sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' iam-template.json > iam.json
- Create the user
aws iam create-user --user-name CoolBucketGuy
- Create the policy
aws iam create-policy --policy-name cool-bucket-write --policy-document file://iam.json
- Attach the iam policy to the user (policy-arn will be in output from previous command)
aws iam attach-user-policy --user-name CoolBucketGuy --policy-arn arn:aws:iam::938109129012:policy/cool-bucket-write
- You probably want the access and secret key for your user to use somewhere:
aws iam create-access-key --user-name CoolBucketGuy
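The steps above fetch policy templates from a third-party GitHub branch and hand the rendered files straight to put-bucket-policy and create-policy. As an added example (not part of the original guide), this Python check flags any Allow statement in a rendered policy that reaches beyond the named bucket or an expected action list; the allow-lists and the sample policies are assumptions constructed for illustration.

```python
import json

PLACEHOLDER = "[[YOUR-BUCKET-NAME]]"  # marker used by the templates in the guide

def _as_list(value):
    # IAM accepts either a single value or a list for Statement/Action/Resource
    return value if isinstance(value, list) else [value]

def audit_policy(policy_text, bucket, allowed_actions):
    """Return findings; an empty list means every Allow stays inside the bucket."""
    findings = []
    if PLACEHOLDER in policy_text:
        findings.append("unreplaced placeholder " + PLACEHOLDER)
    allowed = {a.lower() for a in allowed_actions}  # action names are case-insensitive
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(_as_list(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in allowed:
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append(f"statement {i}: resource outside bucket: {resource}")
    return findings

# Constructed samples, NOT the contents of the downloaded templates.
GOOD_READ = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-cool-bucket/*"}]})
BAD_WRITE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:PutObject", "s3:*"],
    "Resource": ["arn:aws:s3:::my-cool-bucket/*", "*"]}]})

if __name__ == "__main__":
    # Assumed allow-lists; adjust to what you expect each template to grant.
    for name, text, actions in [("read", GOOD_READ, {"s3:GetObject"}),
                                ("write", BAD_WRITE, {"s3:PutObject"})]:
        for finding in audit_policy(text, "my-cool-bucket", actions) or ["ok"]:
            print(f"{name}: {finding}")
```

To check the real files, pass the contents of s3.json or iam.json as policy_text before running the corresponding aws command, and only apply the policy when the returned list is empty.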