58 changes: 30 additions & 28 deletions docs/services/s3/tutorial.md
Expand Up @@ -48,7 +48,7 @@ List the buckets in your account:
aws s3 ls
```

Create a bucket:
Create a bucket (note: the name must be between 3-63 characters, and must contain only lower case letters, numbers, hyphens '-', or full stops '.'):

```bash
aws s3api create-bucket --bucket <bucketname>
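Review bot: In the new "Create a bucket" line, "between 3-63 characters" should read "between 3 and 63 characters", and the allowed character set it lists (lower case letters, numbers, hyphens, full stops) leaves out the colon that the Access policies section uses in project-prefixed names such as `eidfXX1:somebucket`. Suggest stating whether the rule applies to the name without the project prefix, and moving the constraint out of the parenthetical into its own sentence so the lead-in to the command stays short.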
Expand Down Expand Up @@ -213,6 +213,16 @@ s3.meta.client.meta.events.unregister('before-parameter-build.s3', validate_buck

## Access policies

### Set policy using AWS CLI

Grant permissions stored in an IAM policy file:

```bash
aws s3api put-bucket-policy --bucket <bucketname> --policy "$(cat bucket-policy.json)"
```

### Example bucket permission policies

Buckets owned by an EIDF project are placed in a tenancy in the EIDF S3 Service.
The project code is a prefix on the bucket name, separated by a colon (`:`), for example `eidfXX1:somebucket`.
Note that some S3 client libraries do not accept bucket names in this format.
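Review bot: The "Set policy using AWS CLI" section added here sits above "Example bucket permission policies", so the command refers to `bucket-policy.json` before the reader has seen what goes in that file, and it is now separated from "Set policy using Python `boto3`", which stays after the examples. Suggest keeping both "Set policy" sections together after the examples, or adding a sentence here that points to the example policies. "IAM policy file" would also read more precisely as "bucket policy file", since the document is passed to `put-bucket-policy`, and `--policy file://bucket-policy.json` would avoid the `$(cat ...)` shell substitution.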
Expand Down Expand Up @@ -274,36 +284,28 @@ Give public read access to a bucket (listing and downloading files):

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:ListBucket"],
"Resource": [
f"arn:aws:s3::eidfXX1:somebucket"
]
},
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": [
f"arn:aws:s3::eidfXX1:somebucket/*"
]
}
]
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:ListBucket"],
"Resource": [
"arn:aws:s3::eidfXX1:somebucket"
]
},
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": [
"arn:aws:s3::eidfXX1:somebucket/*"
]
}
]
}
```

### Set policy using AWS CLI

Grant permissions stored in an IAM policy file:

```bash
aws put-bucket-policy --bucket <bucketname> --policy "$(cat bucket-policy.json)"
```

### Set policy using Python `boto3`

Grant permissions to another account: In this example we grant `ListBucket` and `GetObject` permissions to account `account1` in project `eidfXX1` and `account2` in project `eidfXX2`.
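Review bot: The public read example (`"Principal": "*"` with `s3:ListBucket` and `s3:GetObject`) is still presented without any caveat about what it exposes. Since this hunk already touches the block, suggest adding one sentence above the JSON saying that the policy lets anyone list every object key and download every object in the bucket, so it should only be applied to buckets whose whole contents are meant to be public. Dropping the `f` prefix from the two `Resource` strings is right, as the block is fenced as JSON, and removing the old `aws put-bucket-policy` command (which lacked `s3api`) is fine given the corrected copy earlier in the file.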