'S3 programmatic access via Java

I'd need to create out of my Java program a private S3 bucket and an IAM user that is allowed to access that bucket only.

So I'd have some admin account credentials to create an S3Client

AmazonS3 s3client = AmazonS3ClientBuilder
  .standard()
  .withCredentials(new AWSStaticCredentialsProvider(credentials))
  .withRegion(Regions.US_EAST_2)
  .build();

and then with some null checks and so on create my bucket

s3client.createBucket(bucketName);

Now I'd need to block all public access to this bucket (Can I?)

And create an IAM user with AWS Credential Type equal "Access key - Programmatic access" and set its policy to something like this, so that it can only access that bucket I just created (Just a snippet from the official documentation)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::bucket-name"]
        },
        {
            "Sid": "AllObjectActions",
            "Effect": "Allow",
            "Action": "s3:*Object",
            "Resource": ["arn:aws:s3:::bucket-name/*"]
        }
    ]
}

Is that possible somehow?



Solution 1:[1]

At the end I did find a pretty good solution. Sampler

Solution 2:[2]

In fact this is a main question to have a security in the bucket level or in the IAM level.

In the approch "What can this user do in AWS?" you can explore using IAM Policy ( managed policy, inline policy...)

In the approch Who can access this S3 bucket? then you can explore using S3 Bucket policy to centralize security in the bucket to accounts...

By default any new bucket is in a mode no public accessible, and any user IAM have permissions to S3 can access it.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Hons
Solution 2 Hatim