First let’s create the IAM policy that would allow the appropriate level of access to the S3 bucket:


read -d '' policy <<EOF
  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ],
      "Resource": [ "arn:aws:s3:::${S3_BACKUP_BUCKET}" ]
      "Effect": "Allow",
      "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ],
      "Resource": [ "arn:aws:s3:::${S3_BACKUP_BUCKET}/*" ]

Let’s then create an IAM user and attach the above policy:

export AWS_PROFILE=     # optional
export AWS_REGION=us-east-2
export S3_BACKUP_BUCKET_USER=stackgres-s3-user

aws iam create-user --region $AWS_REGION --user-name $S3_BACKUP_BUCKET_USER

aws iam put-user-policy --region $AWS_REGION --user-name $S3_BACKUP_BUCKET_USER \
	--policy-name ${S3_BACKUP_BUCKET_USER}-policy --policy-document $policy

Then let’s create an access key, the credentials that will be used to access this bucket. The following command will output them, consider redirecting the command below to a file or non-printable command if working on a non-private environment:

aws --output json iam create-access-key --region $AWS_REGION --user-name $S3_BACKUP_BUCKET_USER

Finally, create the bucket:

aws s3 mb s3://$S3_BACKUP_BUCKET --region $AWS_REGION