How to create subaccounts and share buckets using IAM and CloudBerry S3 Explorer


Hits: 3754  
Note: this post applies to CloudBerry Explorer 2.4.2 and later.
As always we are trying to stay on top of the new functionality offered by Amazon S3 to offer the most compelling Amazon S3 and CloudFront client on Windows platform.
A few weeks ago Amazon introduced Identity and Authentication Management (IAM) Service. It is a new exciting service that allows creating user accounts inside the master account and grant those account a set of permissions. CloudBerry Explorer PRO 2.4 already comes with full support for IAM service and you can learn more about that in our previous blog post.
In this blog post we will look into the very common scenario of creating a subaccount within the master account and granting it permissions to a creation bucket. This might be useful if you for instance work with freelancers and want them to be able to work with the content in their own bucket.

Creating a policy

Click Access Manager in the main menu to run IAM management tool from within CloudBerry Explorer.
image001

In the Access Manager click New User to open up a dialog. Name the user and click ok.
image003
The new user should show up on the list. Right click it and click Add Policy…
image005
Click New Statement and then <select actions> to choose the list of actions that your new users will be allowed to do. You can see below those the most common ones.
Click in: to specify the bucket name and the path. Make sure to add “/*” to the path to propagate the policy to the bucket content.
Click New Statement once again this time for the bucket itself. Choose S3:ListBucket for action and make sure that you don’t add “/*” at the end. This is because you are applying the statement to a bucket not to its contents.
You can optionally set a condition. In our example it is valid only till Nov, 1 2010. After that time the user will not have access to the resource.
Click Ok to create the policy.
Designer
Last but not least, you have to generate an access/ secret key pair for your new user. Click Generate Access Keys… in the user context menu. Copy the keys so that you can hand them over to the user later.
image009

Working as a User

Register an account for the newly created user in CloudBerry Explorer console. Use assess/ secret key created earlier.
Note: you can use CloudBerry Explorer freeware to register one bucket for IAM user. If you need to register more than one bucket you will have to turn to our pro version.
image011
Now, select the newly created account in the drop down list. If you look at the list of buckets it will be empty. This is because we have not granted the user a right to list all buckets. You have to add a bucket as an external bucket manually. Click a green button on the tool bar and type the bucket name manually.
image013
Now you can see the bucket in the console. You can copy, move, delete files, create folders, etc.
image015
As always we would be happy to hear your feedback and you are welcome to post a comment.

CloudBerry S3 Explorer is a Windows freeware product that helps managing Amazon S3 storage and CloudFront . You can download it at http://cloudberrylab.com/

CloudBerry S3 Explorer PRO is a Windows program that helps managing Amazon S3 storage and CloudFront . You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99

Like our products? Please help us spread the word about them. Learn here how to do it.
Want to get CloudBerry Explorer PRO for FREE? Make a blog post about us!

Published by

Sandeep Verma

I’m an Entrepreneur. I’m proud to work as Blogger, LAMP Programmer, Linux Admin, Web Consultant, Cloud Manager, Apps Developer, Searcher. Concentrate > Observe > Imagine > Launch