Why can my IAM user create a bucket but not upload to it?
First you need to understand that bucket names are unique across the whole amazon domain. So if a user already has a bucket named "backup", you will not be able to create a new one with this name.
That been said, You have two main ways to manage permissions of buckets.
- When creating a bucket you should have the permission to upload/download by default. You can check this by going to your bucket, click on your bucket name, then "properties" and finally "permission". Here, please check that your IAM user is listed in the granted permissions. You can add other permissions if needed
-
otherwise, you also can use bucket policy (same place as permissions mentioned above). You will find bucket policies example here. As an example, something like this one should make your bucket public:
{"Version": "2012-10-17", "Statement": [ { "Sid": "myPolicy", "Effect": "Allow", "Principal": "*", "Action": "*", "Resource": [ "arn:aws:s3:::YOUR_BUCKET_NAME/*", "arn:aws:s3:::YOUR_BUCKET_NAME" ] } ]}