How to create S3 bucket policy

What's the big deal with all of that jargon?

AWS is fantastic for small teams to build infrastructure. How about an individual developer getting started with his/her side project? Not so great, especially in the beginning.

Two major difficulties I faced when starting out with AWS were, first, all of the fancy names that Amazon made up (EC2 instead of virtual machines, or S3 for … storage!), and second, setting up policies, which is made harder by the first problem.

To be honest, it's hard, and it should be this complex, because AWS is built for small teams and enterprises rather than individual developers/hackers. However, I am a simple person: I grant read and write permission at the beginning of every project I work on. For example, with S3, if you create a new bucket, go to

Permission > Bucket policy > Edit > Policy generator

This is where AWS gives you a nice UI that lets you build a JSON-based policy. There are two fields that I was most confused by: Principal and Amazon Resource Name (ARN), partly because of their names but also because I had no idea what to put into them.

For the Principal, let's say you want to grant access to an IAM user; use the user's ARN (the number in the middle is your 12-digit AWS account ID, not an ID of the user):

arn:aws:iam::<AWS account ID>:user/<Name of the user>

For the Amazon Resource Name, just go back to the bucket, find the Properties section, and it's right there:

Once you know where to find those two values, you can tell the rest is click and continue. Go on, create your first policy, go back and paste it into the bucket policy, and you're good to go.
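As an added example that is not part of the original post, here is the same read/write bucket policy written out in Python, so you can see exactly what the Policy generator produces from the Principal and ARN fields above. The account ID, user name and bucket name are constructed placeholders, and policy_findings is a hypothetical lint of my own that flags the mistakes most often made when pasting a generated policy: a Principal of "*" (which opens the bucket to everyone), a wildcard Action, and object-level actions pointed at the bucket ARN instead of the bucket/* object ARN.

```python
import json
import re

# Constructed sample values (placeholders, not a real account or bucket).
ACCOUNT_ID = "123456789012"
USER_NAME = "side-project-dev"
BUCKET = "my-side-project-bucket"


def user_arn(account_id: str, user_name: str) -> str:
    """Principal ARN for an IAM user. The number in the middle is the
    12-digit AWS account ID, not an ID that belongs to the user."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be the 12-digit AWS account ID")
    return f"arn:aws:iam::{account_id}:user/{user_name}"


def bucket_arn(bucket: str) -> str:
    """ARN of the bucket itself (what the Properties tab shows)."""
    return f"arn:aws:s3:::{bucket}"


def build_bucket_policy(account_id: str, user_name: str, bucket: str) -> dict:
    """Read/write bucket policy for exactly one IAM user.

    Bucket-level actions (ListBucket) target the bucket ARN; object-level
    actions (Get/Put/DeleteObject) target the object ARN (bucket + '/*').
    """
    principal = {"AWS": user_arn(account_id, user_name)}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListBucket",
                "Effect": "Allow",
                "Principal": principal,
                "Action": "s3:ListBucket",
                "Resource": bucket_arn(bucket),
            },
            {
                "Sid": "ReadWriteObjects",
                "Effect": "Allow",
                "Principal": principal,
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"{bucket_arn(bucket)}/*",
            },
        ],
    }


def policy_findings(policy: dict) -> list:
    """Hypothetical lint to run before pasting a policy into the console.
    Returns a list of problems; an empty list means no check fired."""
    findings = []
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{sid}: Principal '*' grants this to anyone on the internet")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a in ("s3:*", "*") for a in actions):
            findings.append(f"{sid}: wildcard Action; list only the actions you need")
        object_actions = [a for a in actions if a.endswith("Object")]
        if object_actions and not any(r.endswith("/*") for r in resources):
            findings.append(f"{sid}: object actions {object_actions} need the '/*' object resource")
    return findings


if __name__ == "__main__":
    policy = build_bucket_policy(ACCOUNT_ID, USER_NAME, BUCKET)
    print(json.dumps(policy, indent=2))
    print("findings:", policy_findings(policy))
```

Run it and paste the printed JSON into Permission > Bucket policy, or save it to a file and apply it with aws s3api put-bucket-policy --bucket <bucket> --policy file://policy.json. The two-statement split is deliberate: s3:ListBucket only works against the bucket ARN, while Get/Put/DeleteObject only work against the object ARN, so a single statement with one Resource will silently fail one of the two.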


AWS JSON policy elements: Principal