In this article we talk about how to create an S3 bucket and credentials that allow write-only access to just that bucket.

You might want to use it for Postgres backups.

  1. Go to the AWS interface for the S3 service: https://s3.console.aws.amazon.com/s3/buckets?region=eu-central-1
  2. Create a bucket: https://s3.console.aws.amazon.com/s3/bucket/create?region=eu-central-1
  3. Give the bucket a name, pick a region, and leave ACLs disabled.
  4. Scroll down and click the "Create bucket" button.
  5. On the top right of the screen find your username, click on it to open a dropdown and open the link "Security Credentials" https://us-east-1.console.aws.amazon.com/iam/home?region=eu-central-1#security_credential
  6. Click on "Policies" in the left sidebar
  7. Click on the "Create policy" button
  8. Open the JSON tab and paste this JSON into the field, replacing mywriteonlybucket with your bucket name:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::mywriteonlybucket/*"
    }
  ]
}

Now click on "Next: Tags", then "Next: Review".

Give this policy a name and click the "Create policy" button.

  9. Now go to the Users section
  10. Click on the "Add users" button
  11. Give your new user a name, leave "Provide user access to AWS Management Console" unchecked and click "Next"
  12. Pick "Attach policies directly"
  13. Find the policy that we created earlier and check it in the list, then click "Next"
  14. Click the "Create user" button
  15. You will be taken to the list of all users. Find your new user and click on it.
  16. Click on the tab "Security credentials"
  17. Click "Create access key"
  18. Pick "Command Line Interface (CLI)", check that you understand their recommendations and click "Next"
  19. Click the button "Create access key".

Grab your keys, store them safely, and don't let anyone get their hands on them!
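
To check a policy document before attaching it in step 13, the following added example (not part of the original article) reports any statement that grants more than s3:PutObject on the bucket's objects. The function names and the FORBIDDEN check list are assumptions made for this example.

```python
import fnmatch
import json

# Constructed sample: the policy from step 8 with its placeholder bucket name.
POLICY_JSON = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::mywriteonlybucket/*"}]}"""

# Actions a write-only key must not hold (check list assumed for this example).
FORBIDDEN = ["s3:GetObject", "s3:ListBucket", "s3:DeleteObject", "s3:PutBucketPolicy"]


def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_write_only(policy_text, bucket):
    """Return findings; an empty list means only PutObject on bucket/* is allowed."""
    findings = []
    expected = f"arn:aws:s3:::{bucket}/*"
    statements = json.loads(policy_text)["Statement"]
    if isinstance(statements, dict):  # a lone statement may omit the list
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows everything else")
            continue
        for pattern in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive and may contain * and ? wildcards.
            hits = [a for a in FORBIDDEN if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
            if hits:
                findings.append(f"statement {i}: {pattern!r} grants {', '.join(hits)}")
            elif pattern.lower() != "s3:putobject":
                findings.append(f"statement {i}: unexpected action {pattern!r}")
        for res in as_list(stmt.get("Resource", [])):
            if res != expected:
                findings.append(f"statement {i}: resource {res!r} is not {expected!r}")
    return findings


if __name__ == "__main__":
    print(audit_write_only(POLICY_JSON, "mywriteonlybucket") or "write-only: OK")
```

s3:PutObject can also overwrite an existing key, so turn on bucket versioning if old backups must survive a leaked access key.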