Identity and Access Management ( IAM ) works?

Anonymous
2011-12-23
2013-02-19

  • Anonymous
    2011-12-23

    so has anybody been able to get Identity and Access Management ( IAM ) accounts to work with s3cmd? i have used s3cmd allot with my s3 account  but i would like to had off some management to another user. so i created one in IAM.  that user is able to upload content using other tools but i can not seem to get s3cmd to work  for them, i always get access denied when i run s3cmd -configure and enter the IAM user credentials.

     
  • I got some excellent help on the mailing list so i thought i would document what i had to do to make IAM work. for what ever reason you need to give your IAM user full access to everything to begin with. something like this…
    {
      "Statement": [
        {
          "Sid": "r3admin1",
          "Effect": "Allow",
          "Action": [
           "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::*"
          ]
        }
      ]
    }

    then dos 3cmd -configure

    then reset your policies on that user to restrict thier access down to what you want. i my case i did a group policy to just list all buckets and have full access to a couple of those buckets. this use of IAM made be feel better about using this app on a server without leaving my root credentials in the .ini file. ill leave more notes here
    http://www.region3dfg.org/IM/fm/cloudfm/s3/s3cmd