Notes and anecdotes

Techstuff rambling

Add S3 bucket using awscli (example)

Here’s a simple step-by-step guide to creating an S3 bucket with an attached CloudFront distribution and a user with write access. This is typically what you want if you need quick hosting for static files for your website.

This is made in contrast to the terraform guide, which does the same but using different tools.

If you haven’t already, set up awscli (using Python and pip):

pip install awscli
aws configure

Here you have to provide your access key and secret key, which can be found in the AWS console.

  1. Create bucket
    1. aws s3api create-bucket --bucket my-cool-bucket --acl public-read --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1
  2. Get public read policy for bucket
    1. curl https://raw.githubusercontent.com/tomfa/aws-policies/master/s3-bucket-public-read.json > s3-template.json
  3. Replace [[YOUR-BUCKET-NAME]] with the name of your bucket
    1. sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' s3-template.json > s3.json
  4. Apply the bucket policy
    1. aws s3api put-bucket-policy --bucket my-cool-bucket --policy file://s3.json
  5. Enable CloudFront cli (it’s in beta)
    1. aws configure set preview.cloudfront true
  6. Download this cloudfront config file and save as cf-template.json
    1. curl https://raw.githubusercontent.com/tomfa/aws-policies/master/cloudfront-static-webfiles.json > cf-template.json
  7. Replace [[YOUR-BUCKET-NAME]] with.. yeah, your bucket name
    1. sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' cf-template.json > cf.json
  8. Spin up the CloudFront
    1. aws cloudfront create-distribution --distribution-config file://cf.json
  9. Get user policy (for write access to your bucket)
    1. curl https://raw.githubusercontent.com/tomfa/aws-policies/master/iam-bucket-write.json > iam-template.json
  10. Again, replace [[YOUR-BUCKET-NAME]] with your actual bucket name.
    1. sed 's/\[\[YOUR-BUCKET-NAME\]\]/my-cool-bucket/g' iam-template.json > iam.json
  11. Create the user
    1. aws iam create-user --user-name CoolBucketGuy
  12. Create the policy
    1. aws iam create-policy --policy-name cool-bucket-write --policy-document file://iam.json
  13. Attach the iam policy to the user (policy-arn will be in output from previous command)
    1. aws iam attach-user-policy --user-name CoolBucketGuy --policy-arn arn:aws:iam::938109129012:policy/cool-bucket-write
  14. You probably want the access and secret key for your user to use somewhere:
    1. aws iam create-access-key --user-name CoolBucketGuy
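
The steps above download policy templates and apply them after a sed substitution. The following check, run on the rendered s3.json and iam.json before the put-bucket-policy and create-policy steps, is an added example and not part of the original post. The function name, the sample documents and the allowed action sets are assumptions made for illustration.

```python
import json

PLACEHOLDER = "[[YOUR-BUCKET-NAME]]"  # token used by the templates in this guide

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(text, bucket, allowed_actions, allow_public=False):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    if PLACEHOLDER in text:
        findings.append("placeholder was not replaced")
    prefix = "arn:aws:s3:::" + bucket
    statements = _as_list(json.loads(text).get("Statement", []))
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotAction", "NotResource", "NotPrincipal"):
            if key in st:  # inverted matches grant far more than they appear to
                findings.append(f"statement {i}: uses {key}")
        principal = st.get("Principal")
        if isinstance(principal, dict):
            principal = "*" if "*" in _as_list(principal.get("AWS", [])) else principal
        if principal == "*" and not allow_public:
            findings.append(f"statement {i}: open to any principal")
        for action in _as_list(st.get("Action", [])):
            if action not in allowed_actions:  # also catches wildcards such as s3:*
                findings.append(f"statement {i}: unexpected action {action}")
        for res in _as_list(st.get("Resource", [])):
            # Require the exact bucket ARN or a key under it, not a name prefix match.
            if res != prefix and not res.startswith(prefix + "/"):
                findings.append(f"statement {i}: resource outside bucket: {res}")
    return findings

# Constructed sample documents (not the contents of the downloaded templates).
SAMPLE_BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-cool-bucket/*"}]})
SAMPLE_BROAD_IAM = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})

if __name__ == "__main__":
    # The allowed action sets are assumptions; list the actions you expect to grant.
    print(audit_policy(SAMPLE_BUCKET_POLICY, "my-cool-bucket", {"s3:GetObject"}, allow_public=True))
    print(audit_policy(SAMPLE_BROAD_IAM, "my-cool-bucket", {"s3:PutObject", "s3:DeleteObject"}))
```

To check the real files, pass the contents of s3.json (with allow_public=True) and iam.json as the text argument, and apply the policies only when the returned list is empty.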

tomfa • 2015-12-20

