How can I design an IAM role and attach policies that require read-only access to the S3 bucket?
I am an AWS cloud architect for a growing e-commerce company. My team is developing a new application that requires read-only access to the S3 bucket for retrieving product images. However, I want to ensure that this access is restricted only to the necessary bucket and doesn’t allow any modifications. How can I design an IAM role and attach policies to it so that I can meet these requirements efficiently and securely?
In the context of AWS, here are the steps given:-
Create an IAM role
You can use the AWS Management Console to create an IAM role. You can define the trust relationship that allows services or entities to assume this role.
Create an IAM policy
You can create an IAM policy that can grant read-only access to the specific S3 bucket that contains product images.
Attach policy to IAM role
You can also attach the created policies to the IAM role that you created earlier.
Assign role to the applications
Finally, in your application’s code or configuration, you can configure the AWS SDK or AWS CLI with the credentials of an IAM entity.
Here is the coding structure given for the above steps:-
import boto3
import json

# Create IAM Role
iam_client = boto3.client('iam')

# Trust policy: only the EC2 service may assume this role (via an instance profile).
trust_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"  # Assuming your application runs on EC2
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
trust_policy_json = json.dumps(trust_policy)
role_response = iam_client.create_role(
    RoleName='ProductImagesRole',
    AssumeRolePolicyDocument=trust_policy_json
)
role_arn = role_response['Role']['Arn']

# Create IAM Policy: read-only actions, scoped to the one product-images bucket.
# ListBucket applies to the bucket ARN; GetObject applies to the objects (bucket/*).
s3_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ]
        }
    ]
}
s3_policy_json = json.dumps(s3_policy)
policy_response = iam_client.create_policy(
    PolicyName='ProductImagesPolicy',
    PolicyDocument=s3_policy_json
)
policy_arn = policy_response['Policy']['Arn']

# Attach Policy to IAM Role
iam_client.attach_role_policy(
    RoleName='ProductImagesRole',
    PolicyArn=policy_arn
)

# Assume IAM Role and Access S3
# Note: sts:AssumeRole only succeeds for a caller the trust policy above allows,
# i.e. code running on an EC2 instance that carries this role's instance profile.
# On such an instance boto3 picks up the role credentials automatically, so the
# explicit assume_role call is only needed when a different trusted principal is used.
# A freshly created role can also take a few seconds to become assumable.
sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(
    RoleArn=role_arn,
    RoleSessionName='AssumedRoleSession'
)
s3_resource = boto3.resource(
    's3',
    aws_access_key_id=assumed_role['Credentials']['AccessKeyId'],
    aws_secret_access_key=assumed_role['Credentials']['SecretAccessKey'],
    aws_session_token=assumed_role['Credentials']['SessionToken']
)

# Example: List objects in the S3 bucket (read-only; any put/delete would be denied)
bucket_name = 'your-bucket-name'
bucket = s3_resource.Bucket(bucket_name)
for obj in bucket.objects.all():
    print(obj.key)
Here is the example given by using HTML:-
Upload File to S3 Bucket
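A static check of the two policy documents before they are sent to IAM, added here as an example that is not part of the answer above: it flags wildcard or non-read actions, resources outside the named bucket, and wildcard principals in the trust policy. The read-only action allowlist and the over-broad sample policies are constructed assumptions for the demonstration.

```python
# Actions the product-image reader needs (assumption); anything else is flagged.
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:ListBucket"}

def _as_list(value):
    """IAM allows Action, Resource and Principal fields to be a string or a list."""
    return value if isinstance(value, list) else [value]

def lint_s3_read_only_policy(policy, bucket):
    """Findings for any Allow statement granting more than read-only access to `bucket`."""
    findings = []
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants everything not named")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or action not in READ_ONLY_ACTIONS:
                findings.append(f"statement {i}: action {action!r} is not read-only")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in allowed_resources:
                findings.append(f"statement {i}: resource {resource!r} is outside {bucket}")
    return findings

def lint_trust_policy(trust_policy, expected_services):
    """Findings for trust statements letting anything but `expected_services` assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            principal = {"AWS": principal}  # "Principal": "*" is shorthand for {"AWS": "*"}
        if "*" in _as_list(principal.get("AWS", [])):
            findings.append(f"statement {i}: wildcard principal lets any account assume the role")
        for svc in sorted(set(_as_list(principal.get("Service", []))) - set(expected_services)):
            findings.append(f"statement {i}: unexpected service principal {svc}")
    return findings

# Constructed samples: the answer's scoped policy and trust, beside over-broad variants.
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
    "s3:GetObject", "s3:ListBucket"], "Resource": [
    "arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"]}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*",
    "Resource": "*"}]}  # lint returns two findings (wildcard action, wildcard resource)
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {
    "Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
    "Action": "sts:AssumeRole"}]}  # lint returns one finding (wildcard principal)
```

Run the lint on the dicts before json.dumps and abort the create_role / create_policy calls if any finding is returned.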