diff --git a/AWS-IAM-CLI.md b/AWS-IAM-CLI.md new file mode 100644 index 0000000..6ef0acf --- /dev/null +++ b/AWS-IAM-CLI.md @@ -0,0 +1,66 @@ +# Installation + +See [AWS-CLI-with-SeaweedFS](https://github.com/chrislusf/seaweedfs/wiki/AWS-CLI-with-SeaweedFS#installation) + +# Execute commands + +## Create s3 credentials + +Create user and access key +``` +aws --endpoint http://127.0.0.1:8111 iam create-access-key --user-name Bob +{ + "AccessKey": { + "UserName": "Bob", + "AccessKeyId": "X8R439UM7OSQJX28I9QTP", + "Status": "Active", + "SecretAccessKey": "FLh9yeeYhzA7qsiyLIXsvuhv4g2cSgoUJJe/EqZw1z" + } +} +``` + +Create read only access to the bucket +``` +echo ' +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:Get*", + "s3:List*" + ], + "Resource": [ + "arn:aws:s3:::EXAMPLE-BUCKET", + "arn:aws:s3:::EXAMPLE-BUCKET/*" + ] + } + ] +} +' > S3-read-only-example-bucket.policy +aws --endpoint http://127.0.0.1:8111 iam put-user-policy --user-name Bob --policy-name ExamplePolicy --policy-document file://S3-read-only-example-bucket.policy +``` + +Checking +``` +echo 's3.configure' | weed shell +{ + "identities": [ + { + "name": "Bob", + "credentials": [ + { + "accessKey": "X8R439UM7OSQJX28I9QTP", + "secretKey": "FLh9yeeYhzA7qsiyLIXsvuhv4g2cSgoUJJe/EqZw1z" + } + ], + "actions": [ + "Read:EXAMPLE-BUCKET", + "List:EXAMPLE-BUCKET" + ] + } + ] +} + +```