Now that you’ve seen how to set up the simple system in Amazon S3 for a solopreneur, what we’re going to do is set up a more complex one. And the more complex one we’re going to do actually in my own account. My Amazon S3 sign-in is here and so I just have to put my username in and then my password, which I have to look up here.
In this case, I’m going to come on over to IAM and I do already have a password policy. I already have an administrator group and I have an application group which I call WP eStore rather than application. So that is already configured and all of my services that access my Amazon S3 account access it through this WP eStore user group.
Create a New Staff User Group
But I’m going to create a new group and this is going to be a staff group. So I’m going to create a new group and I’m going to call it staff. And I’m going to give the staff group power user access. And so the power user access means that they can go in and manage several parts of this but they can’t change user groups or user permissions, stuff like that.
So we’re going to create that staff group and then I’m going to create a couple of users. Let’s go to users and I’m going to create new users. I’ll begin by creating a user for Laura, a user for Melissa, a user for Sheltzer and a user for Jorene. They are my staff. So these are going to be their usernames. They don’t need access keys but they do need login credentials.
Add Users to the Group
So I’m going to create those access keys and then I’m going to choose these users – Sheltzer, Melissa, Laura, and Jorene and I am going to assign them… oh well, pardon me. I can’t do anything to them as a group. So let’s go to group and we’ll pick the staff group and we’re going to add users to the group and the users will be Jorene, Laura, Melissa, and Sheltzer.
Generate Passwords for the Users
Then if I come back over to users, now I want to just give them login credentials. So for Jorene, I’m going to manage password. I’m going to assign her an auto generated password and I’m going to download her credentials and email them to her.
And now that I’m done with Jorene, I’m going to do the same thing with Laura. I’m going to manage her password and then download her credentials and I’m going to do the same thing with Melissa, download her credentials and then with Sheltzer.
So these credentials have a login URL and a password. A credential shows their username, their password and then a link that they can use to log in, and this is my link for my setup here. And each of them has their own login link. When they log in now, they will not have absolute access to my AWS account but user access that gives them all the permissions that they need in order to do their job without giving them the ability to mess up my AWS account.
What Good Security Looks like in AWS
The purpose of demonstrating this is to show you the security system. That system is an important part of using Amazon S3 or, more specifically, AWS – Amazon Web Services. You want to make sure you have decent security. And decent security means that you define user groups and user roles, give them login credentials and then do the rest of your work from there.
Somebody asks, “Suppose a user got mad at you. What limits are there to prevent them from hurting your site?” Well, the whole point of that is that presumably, if you were going to fire one of your staff, before you fire them, you would remove their access rights, right?
I mean, you’re going to give access rights to the level that you trust. And so what you should never do, what we typically used to do and what you should never do anymore is give root access to your AWS account.
If you’re going to give someone like me access to your account for the purpose of either troubleshooting a problem or showing you how to do something or demonstrate something, you should give them an administrator account. And then when they’re done with that task, you should remove that administrator account. That’s the way it should work.
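As an added example (not part of the original lesson), this Python script checks an IAM credential report against the scheme described above: staff log in with a password and hold no access keys, the root account has no access keys, and a temporary administrator account no longer has access once its task is done. The report text is a constructed sample trimmed to the columns used, and the lowercase user names and `temp-admin` are assumptions.

```python
import csv
import io

# Constructed sample in the column layout of the IAM credential report
# (aws iam get-credential-report), trimmed to the columns used here.
SAMPLE_REPORT = """\
user,password_enabled,access_key_1_active,access_key_2_active
<root_account>,not_supported,true,false
laura,true,false,false
melissa,true,false,false
sheltzer,true,false,false
jorene,true,true,false
temp-admin,true,false,false
"""

KEY_COLUMNS = ("access_key_1_active", "access_key_2_active")


def audit(report_csv, console_only, removed):
    """Return sorted (user, finding) pairs for accounts that break the scheme."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_key = any(row.get(col, "").lower() == "true" for col in KEY_COLUMNS)
        has_password = row.get("password_enabled", "").lower() == "true"
        if user == "<root_account>" and has_key:
            # Root should never be used for programmatic access.
            findings.append((user, "root account has an active access key"))
        elif user in console_only and has_key:
            # Staff only need console login credentials, not access keys.
            findings.append((user, "console-only user has an active access key"))
        if user in removed and (has_key or has_password):
            # Departed staff or finished helpers must not keep any credential.
            findings.append((user, "access should have been removed"))
    return sorted(findings)


if __name__ == "__main__":
    staff = {"laura", "melissa", "sheltzer", "jorene"}
    for user, finding in audit(SAMPLE_REPORT, staff, removed={"temp-admin"}):
        print(f"{user}: {finding}")
```
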
Now we’ve gone through the process of setting up user permissions for solopreneurs and the process of setting up user permissions for a small business context. Next up we’ll be looking at the Amazon S3 file system.