Creating an Amazon Web Services (AWS) User

If you're using the S3 Image Optimizer, you need to create an IAM user in AWS that has access to the bucket(s) you want to optimize. Most of the time, you probably already have done this, and can just use an existing IAM user. But in case you are starting from scratch:

Login to the AWS Console

Already have an Amazon Web Services (AWS) account? Sign in here.

If you don’t have an AWS account yet, you will need to sign up here.

Create an IAM User

Once you have logged into the console, you will need to create a new IAM user:

  1. Navigate to the IAM Users page in the AWS Console
  2. Click the Create user button
  3. Enter a name for the user in the User name field.
    1. This user will not need access to the AWS console, but only programmatic access.
    2. Names are case insensitive and must be unique within your AWS account. User names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), and hyphen (-).
  4. Click Next to assign permissions.
    1. If you have an existing group or user with the proper permissions, you may add the new user to that group, or copy permissions from another user.
    2. Otherwise, click Attach policies directly and enter s3full in the search/filter.
  5. Click the Create user button, and we will generate access keys next.

Create Access Keys

  1. Click on the new user in the Users list.
  2. Select the Security credentials tab, scroll down to Access keys, and then click Create access key.
  3. On the Access key best practices screen, choose Application running outside AWS and click Next.
  4. Tags are optional, click Create access key when you're ready.

  5. You will be shown the security credentials for the user, which consists of an Access Key and a Secret Access Key.

    *Amazon will not show these again so copy them somewhere safe, or download them as a .csv file. If you lose the keys, you will need to create a new set of keys from the console, and you should probably remove the old keys in such a case.

Optional: Restrict IAM User Permissions to S3

The AmazonS3FullAccess policy allows the user to create buckets, delete files, upload files, download files, and list files and buckets. If you're only using this IAM user for for S3 IO, you don't need the CreateBucket and DeleteObject permissions.

To create a custom policy for your new user:

  1. Navigate to the IAM Users page in the AWS Console (you now should see a list of all users in your AWS account)
  2. Click on the new user you just created
  3. The Permissions tab should already be active, click Add permissions and then choose Create inline policy.
  4. Click the JSON button to switch to the JSON editor, but note that it is (very) picky about spacing.
  5. Copy the below policy, and if needed, convert all spaces to tabs. *Double-click the spaces to select all of them and then you can press the Tab key to properly indent each line.
  6. Click Next to review the policy and give it a name.
  7. Enter a name for the policy (e.g. S3Access)
  8. Click the Create policy button
  9. If you have the AmazonS3FullAccess policy still attached to your user, you can now remove it!
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
And that's it! Let us know if you have any trouble, and we'll be glad to help you out!

Still need help? Contact Us Contact Us