Skip to content
By Jason Stirk

Setting up an Amazon S3 bucket with an independent set of keys

We use Amazon S3 on almost every project we work on, and this usually means that we end up needing to create temporary buckets for use on staging or demo sites.

Obviously, we don't want to be reusing the same access key and secret key on every staging and development site, even if they are temporary. Instead we create a separate key pair for each.

Unfortunately, setting up a new user and key pair with access to only a single bucket is quite complex - a pathway littered with woe and despair. But fear not! It's actually pretty straight-forward once you know the pieces of the puzzle.

This guide assumes that you have already got IAM set up and in use on your AWS account.

First, log in to AWS and create a new bucket from the S3 panel.

Open the Properties for the bucket, and click Add more permissions. Set the Grantee to be Authenticated Users, and check List and Upload/Delete. Don't forget to save!

Next, go to the IAM console and Create a New User from the Users panel. Don't forget to note down the security credentials for later use.

We typically attach the permissions to a new group (so we can reuse them later), but you may find that to be overkill depending on your use case. If that's the case, just use the policy below directly on the User.

Otherwise, select Create New Group from the Groups panel.

Select a Custom Policy, and use the following as a template:

  "Statement": [
      "Sid": "Stmt1344909032464",
      "Action": [
      "Effect": "Allow",
      "Resource": [
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"

You need to change "BUCKETNAME" to the name of your bucket from step earlier.

These rules specify :

  • Allow all the S3 permissions on the bucket itself. Some permissions apply against the bucket directly, and this gives access.
  • Allow all the S3 permissions on all the keys within the bucket. Some permissions only apply against keys, and this gives access.
  • Finally, give access for S3 to enumerate all the buckets within the account. This means we can use GUI tools to navigate the bucket which will error out without this permission.

One item to remember is that this does expose all your bucket names for an authenticated user - for our cases this isn't a problem, but YMMV.

Finally, add the User into the Group.

That's it! You should now be able to use the new keys and access only the bucket you specified. Easy, and no woe!

Popular Articles by Our Team

Our expert team of designers and developers love what the do and enjoy sharing their knowledge with the world.

We Hire Only the Best

reinteractive is Australia’s largest dedicated Ruby on Rails development company. We don’t cut corners and we know what we are doing.

We are an organisation made up of amazing individuals and we take pride in our team. We are 100% remote work enabling us to choose the best talent no matter which part of the country they live in. reinteractive is dedicated to making it a great place for any developer to work.

Free Community Workshops

We created the Ruby on Rails InstallFest and Ruby on Rails Development Hub to help introduce new people to software development and to help existing developers hone their skills. These workshops provide invaluable mentorship to train developers, addressing key skills shortages in the industry. Software development is a great career choice for all ages and these events help you get started and skilled up.

  • Webinars


    Webinars are our online portal for tips, tricks and lessons learned in everything we do. Make the most of this free resource to help you become a better developer.

    Learn more about webinars

  • Installfest


    The Ruby on Rails Installfest includes a full setup of your development environment and step-by-step instructions on how to build your first app hosted on Heroku. Over 1,800 attendees to date and counting.

    Learn more about Installfest

  • Development Hub

    Development Hub

    The Ruby on Rails Development Hub is a monthly event where you will get the chance to spend time with our team and others in the community to improve and hone your Ruby on Rails skills.

    Learn more about Development Hub

Get the “reinteractive Review” Monthly Email