Creating Read-only Users

Wade Robson edited this page Jun 20, 2016 · 3 revisions

To use this project properly you need to set up the proper access to your files. If you don't do this and someone gets your root access credentials, you're gonna have a bad time™. It is absolutely critical that you do this step!! So don't say I didn't warn you!

Create read-only policy

Before we can create our read-only user we must create a policy.

  1. Log in to your IAM Dashboard.
  2. Select Policies on the left and then select Create Policy.
    *If it's your first time in here you might have to hit Get Started first.
  3. On the next page select Create Your Own Policy.
  4. Give your policy a name. I chose "munki-read-only"; the name doesn't matter, what matters is that you remember it. The description is also arbitrary.
  5. Copy and paste the example policy into the Policy Document section and replace "S3_BUCKET_GOES_HERE" with the name of your S3 bucket (this is not the URL).
  6. Click Validate Policy and, if it's successful, go ahead and click Create Policy.

Example IAM policy for read-only access.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::S3_BUCKET_GOES_HERE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::S3_BUCKET_GOES_HERE/*"
        }
    ]
}
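An added example, not part of the original wiki or the project's code: a Python check you can run on the policy document before pasting it into the console, reporting any statement that grants more than the two read actions above or reaches outside the one bucket. The helper name `audit_read_only_policy` and the bucket name `example-munki-repo` are assumptions made for illustration.

```python
import json

# The only actions the read-only policy on this page grants (IAM action names are case-insensitive).
READ_ONLY_ACTIONS = {"s3:getbucketlocation", "s3:getobject"}
PLACEHOLDER = "S3_BUCKET_GOES_HERE"


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_read_only_policy(policy_json, bucket):
    """Return findings for a policy document; an empty list means it is read-only on `bucket`.

    Hypothetical helper written for this example, not an AWS API.
    """
    policy = json.loads(policy_json)
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in READ_ONLY_ACTIONS:
                findings.append(f"statement {n}: action {action} is not read-only")
        for resource in _as_list(stmt.get("Resource", [])):
            if PLACEHOLDER in resource:
                findings.append(f"statement {n}: placeholder not replaced in {resource}")
            elif resource not in allowed:
                findings.append(f"statement {n}: resource {resource} is outside {bucket}")
    return findings


# Constructed samples: the page's policy filled in for a made-up bucket, and an over-broad one.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::example-munki-repo"]},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-munki-repo/*"}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_read_only_policy(doc, "example-munki-repo") or "ok")
```

Wildcard actions such as `s3:Get*` are reported too, because the check accepts only the two exact action names.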

Creating a read-only User

Now that we have the policy we can attach it to a user.

  1. Log in to your IAM Dashboard.
  2. Select Users on the left and then select Create Users.
  3. Enter the user name you want to use and make sure to leave the Generate an access key for each user checkbox checked, then select Create.
  4. Either choose to Show User Security Credentials or Download Credentials. It doesn't really matter; just make a note of what they are, because it's the last time you'll be able to retrieve them. When you're done, select Close.
  5. Select your newly created user from the list of users.
  6. Select the Permissions tab.
  7. Hit Attach Policy, then check the box next to the policy we created earlier and select Attach Policy.