# AWS S3 Permissions

When connecting Publisher to AWS S3, proper permissions configuration ensures secure and controlled access to your data. These permissions define how Publisher interacts with your S3 buckets, determining which operations can be performed and what security measures are in place.

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Publisher and your AWS S3 resources.

## Concepts

1. **IAM User**: This is an identity created for an individual user who needs access to AWS services. Each IAM user has a unique name and can have one or more access keys.
2. **IAM Role**: This is an identity that can be assumed by anyone who needs temporary access to AWS resources. Roles are used to delegate access to users, applications, or services that don't usually have access to your AWS resources.
3. **S3 Bucket**: This is a container for storing objects in Amazon S3. Each bucket has a unique name and can store an unlimited number of objects.
4. **Permission**: These are granular actions a user or role can perform on a given resource. Examples include `s3:ListBucket`, `s3:GetObject`, etc.
5. **Policy**: A collection of permissions that define what actions are allowed or denied for a user, group, or role. Policies are written in JSON and can be attached to IAM users, groups, or roles.

## Minimal Configuration

{% hint style="info" %}
To perform these operations, you must be logged in to your AWS account through the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an AWS S3 Storage bucket.
{% endhint %}

### Creating Credentials

Create a new IAM User

```bash
aws iam create-user --user-name publisher-connectors
```

Attach a Policy to the IAM User

```bash
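# Set BUCKET to the name of the S3 bucket Publisher should read from.
BUCKET="<your-bucket-name>"

# The unquoted heredoc delimiter lets the shell expand ${BUCKET} inside the policy.
# "Version" is the IAM policy language version, not a date you choose.
aws iam put-user-policy --user-name publisher-connectors --policy-name S3AccessPolicy --policy-document "$(cat <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}",
                "arn:aws:s3:::${BUCKET}/*"
            ]
        }
    ]
}
EOF
)"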
```

Create Access Keys for the IAM User

```bash
aws iam create-access-key --user-name publisher-connectors
```
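Before handing the access keys to Publisher, it is worth confirming that the attached policy really is read-only and limited to one bucket. The following is an added example, not part of Publisher or the original guide: a small offline audit of a policy document against the minimal configuration above. The function names and the bucket name `example-bucket` are assumptions made for illustration.

```python
import json

# Actions granted by the minimal policy on this page (IAM action names are case-insensitive).
ALLOWED_ACTIONS = {"s3:listbucket", "s3:getobject"}
# The only policy-language versions IAM accepts.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}


def as_list(value):
    """Action, Resource and Statement may be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json, bucket):
    """Return findings; an empty list means read-only access scoped to `bucket`."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"statement {i}: {key} grants everything except the listed items")
        for action in as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource")):
            if resource not in allowed_resources:
                findings.append(f"statement {i}: resource outside bucket: {resource}")
    return findings


# Constructed sample: the page's policy rendered for a bucket named "example-bucket".
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, "example-bucket") or ["policy matches the minimal configuration"]:
        print(finding)
```

To audit the policy actually attached to the user, pass in the `PolicyDocument` returned by `aws iam get-user-policy --user-name publisher-connectors --policy-name S3AccessPolicy`.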

