Creating Secure Credentials for AWS

Below we will create credentials with write-only access to AWS S3.

Creating an S3 Bucket

If you haven’t already, create a new S3 bucket. Make sure that you do not enable public access to the bucket.

Creating an AWS User with Limited Access

First we need to create a policy with write-only access to the bucket.

Creating The Policy

It is important to use a user that has limited access, so if an attacker steals the credentials you use with Cado Live Imager they cannot abuse them.

First access the Access Management Policies page.

Click Create Policy.

Select Service as S3 and Actions as Write->PutObject

Click Specific Resources then under bucket, click Add ARN

Enter the name of your bucket, then click Add

Then Click through to create the policy.


Creating a User

First access the IAM User Page and select Add User.

Create a new user with Programmatic access.

Next select the permissions policy you just created.

Then Click through to Create the User and retrieve the Access Key and Secret Key.

You are ready to go if you have:

1) The Access Key;

2) The Secret Key; and

3) The Bucket Name