Go to IAM > Policy > groups, Create Policy
Here is the sample structure to create the access right for the s3 folder i created
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::cdn.example.com/assets/fonts*",
"arn:aws:s3:::cdn.example.com/assets/images*",
"arn:aws:s3:::cdn.example.com/assets/views*",
"arn:aws:s3:::cdn.example.com/assets/videos*"
]
}
]
}name policy as
s3-cdn-exampledescription
policy access to s3 bucket cdn.example.comGo to IAM > Groups, Create group
grp-s3-cdn-example-prog-accessSelect Policy, filter by Customer Managed, and you’ll see the policy just created
Go to IAM > Users, Add user
Input name as
s3-cdn-exampleSelect AWS access type, Programmatic access
Next, Permission, select the group, grp-s3-cdn-example-prog-access just created before
Download key and save into a safety place, which is for later use in your API code