How to setup S3 with ARN


  1. Create an S3 bucket

a. Go to AWS, S3 service,

b. Create bucket, region doesn’t matter, but should be consistent across all parts of role/policy/bucket.

c. Select Block all public access, disable Bucket Versioning, no Tags, disable Default Encryption.

d. Create Bucket.


2. Create a policy

a. Go to AWS, IAM service, Policies

b. Click on Create policy

c. Choose Service S3

d. Include 3 actions:

List, ListBucket

Write, DeleteObject

Write, PutObject

e. Resources:


Click on Add ARN for the bucket and add the bucket name.


Click on Add ARN for the object, to Specify ARN for object, add bucket name, appending /*


3. Create a Role

a. Go to AWS, IAM service, Roles

b. Click on Create role

c. Type of trusted entity = Another AWS account. Enter account number, e.g. IDT Bluvision Root.

d. Select the new policy via checkbox, no tags, give name, create role