Task 3: Create the instance
Time to complete: 5 minutes
Overview
In this task, you will create an S3 Access Grants instance, register a location, and set up an access grant for the S3 bucket you created in the previous task.
Implementation
- Open the console
  Open the Amazon S3 Access Grants console, and choose Create S3 Access Grants instance.
- Add Identity Center instance ARN
  Select Add IAM Identity Center instance. For IAM Identity Center instance ARN, enter the InstanceARN you copied in Task 1 and choose Next.
- Create the instance
  Choose Next to create an S3 Access Grants instance.
  Select Cancel. (Note: This is for ease of creating a new IAM Role).
- Open Locations
  Choose the Locations tab.
- Configure location
  On the Register location page, do the following:
  - For the Scope, select Browse and choose your bucket.
    - Note that the scope begins with the string s3://.
  - For the IAM role, choose Create new role.
    - This role allows S3 Access Grants to access your specified location scope.
  - Choose Register location to continue.
- Create a grant
  Choose Create Grant.
- Choose location
  For Location, choose Browse locations, then choose the location that you registered in the Register a location section.
  Then select Choose path.
- Configure and create grant
  On the Path page, do the following:
  - For Subprefix, enter * to indicate that the access grant applies to the entire bucket.
  - For Permissions, select Read and Write.
  - For Grantee type, select Directory identity from IAM Identity Center.
  - For Directory identity type, select User.
  - For IAM Identity Center user ID, enter the user ID you copied in Task 1.
  Choose Create Grant.
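The console steps above correspond to three `aws s3control` calls, shown here as an added example that is not part of the original tutorial. The account ID, ARNs, bucket name, and user ID are placeholders, and the script assumes the location IAM role already exists (the console creates it for you).

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console procedure in this task.
# Every default below is a placeholder (assumption); use your values from Tasks 1 and 2.
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
IDC_ARN="${IDC_ARN:-arn:aws:sso:::instance/ssoins-EXAMPLE}"
BUCKET_SCOPE="${BUCKET_SCOPE:-s3://amzn-s3-demo-bucket}"
LOCATION_ROLE_ARN="${LOCATION_ROLE_ARN:-arn:aws:iam::111122223333:role/EXAMPLE-location-role}"
IDC_USER_ID="${IDC_USER_ID:-EXAMPLE-identity-center-user-id}"

# The location scope must begin with s3:// and name a bucket; reject anything else early.
valid_scope() { case "$1" in s3://?*) return 0 ;; *) return 1 ;; esac; }

# Create the S3 Access Grants instance and associate the IAM Identity Center instance.
create_instance() {
  aws s3control create-access-grants-instance \
    --account-id "$ACCOUNT_ID" --identity-center-arn "$IDC_ARN"
}

# Register the bucket as a location; prints the new location ID.
register_location() {
  valid_scope "$BUCKET_SCOPE" || { echo "scope must begin with s3://" >&2; return 1; }
  aws s3control create-access-grants-location \
    --account-id "$ACCOUNT_ID" --location-scope "$BUCKET_SCOPE" \
    --iam-role-arn "$LOCATION_ROLE_ARN" \
    --query AccessGrantsLocationId --output text
}

# Grant the directory user Read and Write on the whole bucket (subprefix *).
# $1 = location ID returned by register_location.
create_grant() {
  aws s3control create-access-grant \
    --account-id "$ACCOUNT_ID" \
    --access-grants-location-id "$1" \
    --access-grants-location-configuration 'S3SubPrefix=*' \
    --permission READWRITE \
    --grantee "GranteeType=DIRECTORY_USER,GranteeIdentifier=$IDC_USER_ID"
}

main() {
  create_instance &&
  loc_id=$(register_location) &&
  create_grant "$loc_id" &&
  # List grants afterwards to confirm the scope and permission that were created.
  aws s3control list-access-grants --account-id "$ACCOUNT_ID"
}

# Only call AWS when explicitly asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it with `--apply` to execute the calls. The quoted `'S3SubPrefix=*'` keeps the shell from expanding the asterisk before it reaches the CLI.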
Conclusion
In this task, you created an S3 Access Grants instance, registered a location, and set up an access grant for the S3 bucket you created in the previous task.