How to Grant Full Read/Write Bucket Access in the Impossible Cloud Storage Console via CLI
This guide shows how to create users, attach fine-grained inline policies, and control access permissions via the AWS CLI.
IAM (Identity and Access Management) allows you to define granular permissions through policies. These policies use a JSON structure to specify what actions a user can perform and on which resources. By attaching a policy to a user, you can grant them permissions without giving them access to everything in your account.
The following policy is a common and effective way to grant read and write access to a single S3 bucket.
{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-impossible-cloud-bucket",
        "arn:aws:s3:::my-impossible-cloud-bucket/*"
      ],
      "Sid": "AllowCommonS3Actions"
    }
  ],
  "Version": "2012-10-17"
}
You can now use this JSON document to create a policy and attach it to the desired user. You can do this via the UI by going to Users > Select the User > Inline policies; for more details, follow our guide here.
You can also do this via the CLI. Save the policy above as my-impossible-cloud-policy.json, then run the following commands:
1. Create the user that the inline policy will be attached to
aws iam create-user \
    --user-name "user-name@yourdomain.com" \
    --endpoint-url https://iam.eu.impossibleapi.net/ \
    --profile your-profile-name
2. Attach the inline policy to the user
aws iam put-user-policy \
    --user-name "user-name@yourdomain.com" \
    --policy-name CustomInlinePolicy \
    --policy-document file://my-impossible-cloud-policy.json \
    --endpoint-url https://iam.impossibleapi.net/ \
    --profile your-profile-name
If you are interested in learning how to attach this as a Managed Policy, you can go to the article here.
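A pre-flight check for the policy document in this article, to run before `put-user-policy`; it is an added example, not Impossible Cloud's own code. It assumes the service evaluates policies with standard AWS IAM semantics (s3:ListBucket is matched against the bucket ARN, the object actions against bucket/key ARNs); the helper names and the sample object key are hypothetical.

```python
import json
import re

# Policy document from this article, embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "AllowCommonS3Actions",
   "Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets", "s3:PutObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::my-impossible-cloud-bucket",
                "arn:aws:s3:::my-impossible-cloud-bucket/*"]}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """True if an Allow statement covers the request and no Deny does.
    Simplification: Condition, NotAction and NotResource are not evaluated."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_matches(a, action, True) for a in _as_list(st.get("Action", [])))
               and any(_matches(r, resource) for r in _as_list(st.get("Resource", []))))
        if hit and st["Effect"] == "Deny":
            return False          # an explicit Deny always wins
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def audit(policy, bucket, key="reports/sample.txt"):
    """Report which read/write operations the policy grants on one bucket.
    The key is a constructed sample; object actions are checked on bucket/key."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{key}"
    requests = {"s3:ListBucket": bucket_arn,     # list keys: bucket-level
                "s3:GetObject": object_arn,      # download: object-level
                "s3:PutObject": object_arn,      # upload: object-level
                "s3:DeleteObject": object_arn}   # delete: object-level
    return {a: is_allowed(policy, a, arn) for a, arn in requests.items()}

if __name__ == "__main__":
    for name in ("my-impossible-cloud-bucket", "some-other-bucket"):
        print(name, audit(POLICY, name))
```

Under these assumptions the policy as written allows s3:ListBucket and s3:PutObject on the named bucket, does not allow s3:GetObject or s3:DeleteObject, and grants nothing on any other bucket. If the user must download or delete objects, those actions have to be present in the Action list before the policy is attached.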