We can create a policy using the IAM visual editor as follows:
- Log in to the console as an administrator and go to the IAM dashboard.
- Click on Policies from the left sidebar.
- Click on Create Policy. This will provide us with a visual editor:
We can also click on the JSON tab and enter the JSON directly if we have already created the policy JSON.
- Set the Service to S3.
- Select ListBucket under Actions.
- Under Resources, select Specific, click on Add ARN, and enter our bucket's ARN in the format arn:aws:s3:::<bucket_name>.
- Under Request conditions, click Add condition and add a condition, as follows, with an EPOCH time from the future (we can find many online tools that do the time conversion for us):
Click Add.
- Click Review Policy.
- Provide a name (for example, MyS3ListPolicy), add a description (for example, My S3 ListPolicy), and click Create Policy.
- Verify the policy that was generated from the JSON tab:
- Click on Groups from the left sidebar of the IAM dashboard and go to our testuser group. Click on Attach Policy and attach the policy we created in the previous step.
You can also attach policies to groups or users from the Policy tab of the IAM dashboard.
- Verify this by running the s3 ls command from the command line with the testuser profile name (the same command from the Getting ready section). We should see a successful response, as follows:
Now, let's look at how to create policies using the AWS CLI.