Browse files

Add a more specific setup-credentials doc

  • Loading branch information...
1 parent e8600fc commit 83d2c05c926a149e7b47d1600ad1fa5bf9cd16b9 @laurilehmijoki committed Jan 7, 2014
Showing with 53 additions and 1 deletion.
  1. +2 −1 README.md
  2. +51 −0 additional-docs/setting-up-aws-credentials.md
View
3 README.md
@@ -24,7 +24,8 @@
Here's how you can get started:
-* In [AWS IAM](https://console.aws.amazon.com/iam), create API credentials that have sufficient permissions to S3
+* Create API credentials that have sufficient permissions to S3. More info
+ [here](https://github.com/laurilehmijoki/s3_website/blob/master/additional-docs/setting-up-aws-credentials.md).
* Go to your website directory
* Run `s3_website cfg create`. This generates a configuration file called `s3_website.yml`.
* Put your AWS credentials and the S3 bucket name into the file
View
51 additional-docs/setting-up-aws-credentials.md
@@ -0,0 +1,51 @@
+# Setting up AWS credentials
+
+Before starting to use s3\_website, you need to create AWS credentials.
+
+## Easy setup
+
+* Go to [AWS IAM console](https://console.aws.amazon.com/iam)
+* Create a new user that has full permissions to the S3 and CloudFront services
+* Call `s3_website cfg create` and place the credentials of your new AWS user
+ into the *s3_website.yml* file
+* Read the main documentation for further info
+
+## Limiting the permissions of the credentials
+
+AWS IAM offers multiple ways of limiting the permissions of a user. Below is one
+way of configuring the limitations and yet retaining the capability to use all
+s3\_website features.
+
+If you know the hostname of your public website (say `my.website.com`), perform the
+following steps:
+
+* Create a user that has full permissions to the S3 bucket
+* In addition, let the user have full permissions to CloudFront
+
+Here is the IAM Policy Document of the above setup:
+
+```json
+{
+ "Statement": [
+ {
+ "Action": [
+ "cloudfront:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::my.website.com",
+ "arn:aws:s3:::my.website.com/*"
+ ]
+ }
+ ]
+}
+```

0 comments on commit 83d2c05

Please sign in to comment.