Create a User with Programmatic S3 Access with AWS IAM
You can drag and drop files directly into your S3 bucket but that isn't the most efficient workflow most of the time. In order to upload our static site from the command line using the AWS CLI we will have to create a new user with the correct permissions using IAM.
The IAM data model is an advanced topic that we won't be covering in this lesson. But, what will we cover is how to create a user and assign them the existing policy, AmazonS3FullAccess
Sam Julien: [0:00] Now that we've got an S3 bucket readily available for us to host our React application, we need to actually get our files up onto our S3 bucket. There are a couple different ways we could do that. We could just go ahead and click on this Upload button and drag and drop all of our files from our Build folder onto our S3 bucket. That's perfectly acceptable.
[0:24] It's not as fun though as doing it from the AWS Command Line Interface, or CLI. AWS has a Command Line Interface that you can configure and then programmatically or from the command line go ahead and upload and create different types of resources.
[0:43] The instructions for installing the AWS CLI are in the documentation, and they might vary for your machine. I'm not going to walk you through the actual installation process. I will show you what we need to do to configure and use the CLI to deploy our files for our React application to an S3 bucket.
[1:03] In order for us to use the CLI and upload to our S3 bucket, the first thing we need to do is create a new user that is solely for the purpose of deploying our site to S3. This is a security best practice, where, basically, you don't want to use a full-fledged user to deploy your site using the CLI. Why is that?
[1:27] In this current account, there are a number of things that I can do. I can create any number of resources that will then cost any amount of money. We want to create a specific user solely for the purpose of uploading to this S3 bucket, just in case it gets into the wrong hands.
[1:46] I'm going to go over to Services. We need to go to the IAM Service. IAM stands for Identity and Access Management. If I scroll down to the Security, Identity and Compliance section, you can see it right there. I, again, favorited this service so that it shows up over in my Favorites sidebar.
[2:08] I'm going to click IAM. The IAM Dashboard has a number of different things you can do. We're going to go ahead and go over to Users, and we're going to click Add Users. What we're going to do is create a user that only has access to S3 and only has access through the command line. It's not going to be a user that can actually login through this dashboard.
[2:32] For our username here, you can make up whatever you want. I'm just going to say Egghead S3 User. The important part is, we need to click this Access Key for programmatic access.
[2:43] This is going to give us an access key ID and a secret access key in order to use the CLI. I'm going to click Next for permissions. In a real world situation, you would likely create a group for programmatic users that have a certain number of settings or policies attached to them.
[3:02] Since we're just creating a single user to do a single job, I'm not going to create a group. I'm going to instead do this attach existing policies directly button. In AWS, you add permissions to groups and users using these things called Policies.
[3:20] Policies are basically like scripts that explain the level of access that the recipient has. If you look at this list, you're going to see a bunch of the different services as well as some amount of access. For example, you can see here, Alexa for Business, Full Access.
[3:41] This policy can get added to a user and that user is going to have full access to Alexa for Business. The IAM data model for AWS is very difficult to wrap your head around, so don't get hung up on this right now.
[3:55] Just go ahead and keep following the instructions and keep learning and eventually, it'll start to click. Don't feel bad at all if you find this extremely confusing. I'm going to go to our search box here and I'm going to type S3. That's going to filter down all of the different S3 policies.
[4:12] We're going to click on Amazon S3, Full Access. Essentially, what I'm doing is I'm giving this user full access to S3. I've given them an access key to be able to get to it from the CLI. Next, I'm going to click Tags. I'm going to do a key of type and a value of Egghead demo.
[4:32] Next, I'm going to click Review and you can see here that we've got our different options set up. I'm going to click Create User. In order for this user to use the CLI, we're going to need this access key ID and this secret access key. Now our user is created.
[4:51] Don't close this window though. We're actually going to need the access key ID and the secret access key in order to set this user up with the CLI. This is the only time you're going to be able to see this secret access key.
[5:04] Hang tight and in the next video, we're going to set up the CLI in order to deploy our React site to S3.
Member comments are a way for members to communicate, interact, and ask questions about a lesson.
The instructor or someone from the community might respond to your question Here are a few basic guidelines to commenting on egghead.io
Be on-Topic
Comments are for discussing a lesson. If you're having a general issue with the website functionality, please contact us at support@egghead.io.
Avoid meta-discussion
Code Problems?
Should be accompanied by code! Codesandbox or Stackblitz provide a way to share code and discuss it in context
Details and Context
Vague question? Vague answer. Any details and context you can provide will lure more interesting answers!