Skip to main content
warning

We now recommend using the automatically created temporary credentials generated by Cado. For more details, see our documentation here.

How to Create Secure Credentials for AWS

Below are the steps to create AWS credentials with write-only access to an S3 bucket.

Step 1: Create an S3 Bucket

If you haven't created an S3 bucket yet, follow the instructions to Create a new S3 bucket. Ensure that public access is not enabled to maintain security.

Step 2: Create an AWS User with Limited Access

Next, we'll create a policy with write-only access to the S3 bucket. This ensures that even if an attacker compromises the credentials, they won't have full access.

Creating the Policy

  1. Go to the Access Management Policies page.
  2. Click Create Policy.
  3. Under Service, select S3 and under Actions, choose Write -> PutObject.
  4. Click Specific Resources, then under Bucket, click Add ARN.
  5. Enter the name of your S3 bucket and click Add.
  6. Follow the prompts to create the policy.

Creating the User

  1. Go to the IAM User Page and click Add User.
  2. Create a new user with Programmatic access.
  3. Assign the write-only policy you just created to the user.
  4. Follow the steps to create the user and retrieve the Access Key and Secret Key.

Ready to Go

Once completed, you will have:

  1. The Access Key
  2. The Secret Key
  3. The S3 Bucket Name

With these credentials, you'll be ready to securely upload data to your AWS S3 bucket.