Managing AWS S3 Bucket And Write IAM User Access Key With AWS CDK

This guide demonstrates how to create an AWS S3 bucket and an access key for an IAM user with write access to it, using the AWS CDK in TypeScript.

Tuesday, October 22, 2019

Full source code can be found at https://github.com/mgjam/blog/tree/master/2.

User & Access Key

The created user has no password set up and thus cannot log in to the AWS Management Console.

S3 Bucket

The bucket ACL is set to PUBLIC_READ, meaning the bucket is available for public read while write operations from the public are denied. The bucket CORS rules allow cross-origin GET requests, so XHR requests from any domain can reach the bucket. Lastly, we grant write access to the created user.

Outputs

A simple way of accessing the user's access key ID and secret is to create AWS CloudFormation outputs for them.

To improve security, an alternative is to store the secret in AWS Secrets Manager or Systems Manager Parameter Store.

Uploading Document Via AWS CLI

The following command copies a local file into the specified S3 bucket:

aws s3 cp <path-to-local-file> s3://<bucket-name>/ --acl public-read

Notice the --acl public-read part. It is essential; otherwise the uploaded file will not be publicly accessible.

Closing Notes

This guide is narrowly focused, and many attributes can be modified along the way. Its goal is to help when setting up a public-read S3 bucket together with an access key for a user that can write to it. Additional documentation can be found at
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.User.html
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html