Skip to main content

We now recommend using the automatically created temporary credentials generated by Cado Response. See our documentation here for more details.

Creating Secure Credentials for AWS

Below we will create credentials with write-only access to AWS S3.

Creating an S3 Bucket

If you haven't already, Create a new S3 bucket. Make sure that you do not enable public access to the bucket.

Creating an AWS User with Limited Access

First we need to create a policy with write-only access to the bucket

Creating The Policy

It is important to use a user that has limited access, so if an attacker steals the credentials you use with Cado Live Imager they cannot abuse them.

  • First access the Access Management Policies page.
  • Click Create Policy.
  • Select Service as S3 and Actions as Write->PutObject
  • Click Specific Resources then under bucket, click Add ARN
  • Enter the name of your bucket, then click Add
  • Then Click through to create the policy.

Creating a User

  • First access the IAM User Page and select Add User.
  • Create a new user with Programmatic access.
  • Next select the permissions policy you just created.
  • Then Click through to Create the User and retrieve the Access Key and Secret Key.

In the end, you are ready to go when you have:

  1. The Access Key
  2. The Secret Key
  3. The Bucket Name