Part 1 of this series outlined the architecture, which is then followed by creating the IAM group, user, and policy the EC2 will use to place recorded video in the S3 bucket.

  1. Open the IAM console
  2. Create a group (I named mine ‘unifi’)
  3. Attach a policy to the group. This is an example policy that I created in the visual editor. You can open it or restrict it to fit your specific needs as this is not the most restrictive policy example.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketObjectLockConfiguration",
                "s3:PutLifecycleConfiguration",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutBucketObjectLockConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetInventoryConfiguration",
                "s3:ListBucket",
                "s3:PutEncryptionConfiguration",
                "s3:GetEncryptionConfiguration",
                "s3:AbortMultipartUpload",
                "s3:GetObjectTagging",
                "s3:ListBucketMultipartUploads",
                "s3:UpdateJobStatus",
                "s3:PutInventoryConfiguration",
                "s3:PutObjectRetention",
                "s3:GetBucketLocation",
            ],
            "Resource": "arn:aws:s3:::<UNIFI-BUCKET>"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:ListJobs",
                "s3:CreateJob",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        }
    ]
}
  1. Create a user (Can be the same name or something different)
    a. Select programmatic access
    b. Assign the user to the group you created in Step 2
    c. Finish the config options to your liking

Create your S3 bucket in Part 3