Creating Secure Credentials for AWS

Below we will create credentials with write-only access to AWS S3.


Creating an S3 Bucket

If you haven’t already, create a new S3 bucket. Make sure that you do not enable public access to the bucket.

Creating an AWS User with Limited Access

First we need to create a policy with write-only access to the bucket.

Creating The Policy

It is important to use a user that has limited access, so if an attacker steals the credentials you use with Cado Live Imager they cannot abuse them.

First access the Access Management Policies page:

Click Create Policy

Select Service as S3 and Actions as Write->PutObject

Click Specific Resources then under bucket, click Add ARN

Enter the name of your bucket, then click Add

Then Click through to create the policy.

Creating a User

First access the IAM User Page and select Add User:

Create a new user with Programmatic access:

Next select the permissions policy you just created:

Then Click through to Create the User and retrieve the Access Key and Secret Key.

You are ready to go if you have:

1) The Access Key;

2) The Secret Key; and

3) The Bucket Name