Introduction
This challenge demonstrates how to use AWS IAM roles and temporary credentials to allow a user (s3-support) to assume a role (S3WriteRole) and write files to a previously created S3 bucket. This is done exclusively using command-line tools (AWS CLI).
Objective
Set up an environment in AWS where:
- An IAM user with no direct permissions can assume a role with permissions to write to an S3 bucket.
- Access is achieved through temporary credentials using the AWS CLI.
- Diagram, explanation, and presentation of evidence for the process.
Steps Performed
1. Create S3 bucket The bucket named desafio3-lucas-s3 was created using the iamadmin profile:
2. Create IAM Role with Policies Creation of trust and permission policies (JSON):
s3_write_policy.json
trust_policy.json
Commands used:
Role:
Policy:
JSON Responses:
3. Add policy to rol
4. Create IAM user s3-support The following was generated:
- User: s3-support
- Programmatic credentials (access key + secret key)
5. Configure AWS CLI with the user
6. Asumir rol desde CLI y obtener credenciales temporales
Temporary credentials
7. Validate permissions by writing to the bucket
