Creating an Amazon Web Services (AWS) User

If you're using the S3 Image Optimizer, you need to create an IAM user in AWS that has access to the bucket(s) you want to optimize. Most of the time, you probably already have done this, and can just use an existing IAM user. But in case you are starting from scratch:

Login to the AWS Console

Already have an Amazon Web Services (AWS) account? Sign in here.

If you don’t have an AWS account yet, you will need to sign up here.

Create an IAM User

Once you have logged into the console, you will need to create a new IAM user:

  1. Navigate to the IAM Users page in the AWS Console
  2. Click the Add user button
  3. Enter a name for the user in the User name field.
    Names are case insensitive and must be unique within your AWS account. User names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), and hyphen (-).
  4. Under Access type select the checkbox for Programmatic access.
  5. Click the Next: Permissions button
  6. Click the Next: Review button at the bottom of the page
  7. Click the Create user button (We will set permissions in just a moment)
  8. You will be shown the security credentials for the user, which consists of an Access Key ID and a Secret Access Key. Amazon will not show these again so copy them somewhere safe, or download them as a .csv file. If you lose the keys, you can always create a new set of keys from the console but you cannot retrieve the secret key again later.

Grant IAM User Permissions to S3

When you create a new IAM user, by default it has no permissions at all. We need to give our new user access to S3:
  1. Navigate to the IAM Users page in the AWS Console (you now should see a list of all users in your AWS account)
  2. Click on the new user you just created
  3. The Permissions tab should already be active, click + Add inline policy in the lower right of the tab’s content
  4. Select the JSON tab
  5. Copy the policy below and paste it into the editor
  6. Click the Review policy button
  7. Enter a name for the policy (e.g. S3Access)
  8. Click the Create policy button
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
This policy allows the user to create buckets, delete files, upload files, download files, and list files and buckets. If you're only using this IAM user for for S3 IO, you should be able to skip the CreateBucket and DeleteObject permissions.
And that's it! Let us know if you have any trouble, and we'll be glad to help you out!