Now that you know why using Amazon S3 is useful for storing and hosting large files, we’re going to start off here by setting up permissions. And the context that we’re setting up permissions in at the moment is of a solo-preneur.
Permissions for Accessing and Managing the Account
We’re going to come here and click on the IAM feature. And what this does is it sets the big set of permissions for who can access files and who can manage the account. And right now, we are logged in with John’s root account and that’s not a good idea because somebody in a root account can wreck havoc in the account.
Don’t Work In the Root Account
It doesn’t make any sense for you yourself to work in the root account unless you absolutely have to. And if you have employees that are working for you then you really don’t want them in the root account. You want them to have some kind of access and this access is very much like WordPress, sort of like an administrator and a subscriber and a moderator and that sort of thing.
Create an Administrator Group
So we’re going to start by creating an administrator group. We’re just going to call it administrator and we have policy templates and we’re going to give the administrator, administrator access. Select that and just say continue to this.
Create Administrative Users
And then we’re going to create a couple of administrative users. First, we’re going to create one for John so that’s his username. Then we’re going to create one for me so that I can continue to work in this. And at the moment, we do not need to generate an access key for each user.
Access Keys vs Passwords and Login Credentials
The regular human users don’t need access keys. The kinds of application users, program users, need application keys or access keys but we don’t. We’ll use passwords and login credentials instead.
So anyway, we have two users here and administrators can essentially manage the entire account. That’s the highest level besides the root. You may be in the position where you need someone to help you and it may be the case that the administrator is the right group to place them in. So anyway, we’re going to say continue to this.
Setup Password Policy
And now that we’ve done that, we want to set our password policy. So we’ll come over here and go to password policy. We’re going to say our minimum password length is 8 characters and then we’re going to require at least one uppercase letter, require one lowercase letter, one number and at least one non-alphanumeric character and apply the password policy.
So to recap, now we have an administrator’s group and we have a password policy and we have two users. If we come over here and look at our users for a moment, we can go to John Greg and we can look at his permissions. He’s an administrator. We can look at security credentials and we’ve got a username but we’ve got no password for him yet, right?
So what we would do is select manage password and then we’ll just use an auto generated password for this so we’ll go ahead and say apply. And then we will download the credentials and email those credentials to him.
Now I also need a password so I’m going to do the same thing and then I’m going to say manage password. And I’m going to auto generate or auto assign it.
Now I’m going to show you what this looks like if I click on this. So here’s my login name and here’s my password. By the time you see this video, of course, this login name and password is not going to exist anymore so it doesn’t really matter. But I’m going to copy this because for the rest of the work I do in here is going to be done from the administrator login rather than from the root login.
Use New Passwords to Login to Account
We’re going to close this, close the window. Let’s come back over to the dashboard, here is our user… our sign in URL, right? So I’m going to copy this now and I’m going to logout and then I’m going to go to that URL and I’m going to log in with my username and password.
Setup Application User Group (for Plugins)
And now I’m logged in as an administrator but I’m not logged as the root user. We’re going to come back over to this and we’re going to set up one more user group and that user group is going to be the application user group. And by application, I’m talking about plugins. This is the user group that we’re going to assign plugins to so that plugins can access the information that they need to access. We’ll go ahead and hit continue.
And now, the applications are not going to have any kind of access like this. We’re going to scroll down here to the Amazon S3 Full Access. Amazon S3 Full Access lets the application upload files, download files and delete files.
If you think about the BackupBuddy scenario where BackupBuddy backs it up and then uploads it to Amazon S3, if you have BackupBuddy only store say, a maximum of 10 backup files onto your system, when it gets to back up file 11, it’s going to delete a file before it can upload the next one, right?
So you’ve got upload, you’ve got delete. And then you can also use BackupBuddy to restore from files on Amazon S3. And so now Backup Buddy needs to be able to read the files. So you can see that there’s this whole system of reading, writing, deleting that plugins like BackupBuddy need to have access to.
Shopp is another plugin where if you’ve got it configured properly to integrate with Amazon AWS, when you add product files, you don’t have to actually upload them yourself to Amazon. You can do that from inside the Shoppe dashboard.
There are different ways in which plugins interact with Amazon Web Services. But what we really want to do here for our purposes is we want to give the Amazon S3 full access.
Generate Access Key for WP eStore
So we’ll select that, we’ll select continue and now, we’re going to create a new user and we’re just going to call it WP eStore. We’re not using it right now but we’ll be using it in the near future. And so in this case, we do want to generate an access key because WP eStore doesn’t need a login name and a password. It needs these access keys.
We’ll go ahead and generate it. We click continue and then continue we could download those security credentials so that we have copies of them. But we can always get them when we need them otherwise.
Now let’s come back over and look at groups, here we go. We’ve got our groups. We’ve got our 3 sets of users and this is essentially the setup that you would use with a solopreneur where you yourself have access and maybe you’ve got a consultant that you’re giving some access to. And then you’ve got an application that has access but you don’t have a whole bunch of other uses or a bunch of other users.
In a moment, we’re going to switch over to how to configure Amazon S3 when you have multiple users. Essentially, we’re going to be configuring it for BYOB website where I have a number of staff with different roles. And in fact, we may as well just do that right now.