Series: 30 Days DevOps Interview Preparation
Author: Tathagat Gaikwad

Topic: AWS IAM + S3: Users, Roles & Upload Files

Cloud security and storage are the two pillars every DevOps engineer must master. On Day 19, we’re diving into AWS IAM (Identity & Access Management) and S3 (Simple Storage Service) — concepts you’ll use almost daily in real projects and which are very common in interviews.

🔹 What is IAM (Identity & Access Management)?

AWS IAM allows you to manage who can access AWS resources and what actions they can perform.

Key concepts:

Users → Represent people or applications with permanent credentials.
Groups → Collection of users with shared permissions.
Roles → Temporary credentials often used by AWS services (EC2, Lambda).
Policies → JSON documents that define permissions.

👉 Best Practice: Always follow the Principle of Least Privilege (only give minimum required permissions).

🔹 What is Amazon S3 (Simple Storage Service)?

Amazon S3 is object storage built for scalability, durability, and availability.

Data stored as objects in buckets.
Each object = data + metadata + unique key.
Use cases:
✅ Store application logs
✅ CI/CD artifacts
✅ Static website hosting
✅ Backups & Disaster Recovery

👉 S3 + IAM = Secure cloud storage for modern DevOps pipelines.

🔹 Step-by-Step Practical on AWS

1️⃣ Create an IAM User with S3 Permissions

Go to IAM → Users → Add User
Enable Programmatic Access (for CLI).
Attach a policy like AmazonS3FullAccess (or custom least-privilege).
Download the Access Key & Secret Key.

2️⃣ Configure AWS CLI on Your System

aws configure

Enter Access Key, Secret Key, Region, and Output format.

3️⃣ Create an S3 Bucket

aws s3 mb s3://my-devops-bucket-19

4️⃣ Upload a File to S3

aws s3 cp file.txt s3://my-devops-bucket-19/

5️⃣ List Files in Bucket

aws s3 ls s3://my-devops-bucket-19/

6️⃣ Download a File from S3

aws s3 cp s3://my-devops-bucket-19/file.txt ./file.txt

7️⃣ Attach IAM Role to EC2 for S3 Access (No Keys Required)

Create IAM Role → Assign AmazonS3ReadOnlyAccess.
Attach role to your EC2 instance.
Now from EC2, you can run:

aws s3 ls s3://my-devops-bucket-19/

👉 Notice: No keys are needed because IAM Role is managing permissions.

🔹 Common Interview Questions & Detailed Answers

Q1: Difference between IAM User and IAM Role?
👉 IAM User = Long-term credentials (username/password or access keys).
👉 IAM Role = Temporary credentials, usually assumed by services (like EC2, Lambda).

Q2: How do you secure an S3 bucket?
👉 Block public access, use IAM policies, enable encryption (SSE-S3 or KMS), enable versioning & MFA delete.

Q3: What’s the difference between Bucket Policy and IAM Policy?
👉 Bucket Policy → Attached directly to the bucket.
👉 IAM Policy → Attached to users, groups, or roles.

Q4: How does EC2 instance get access to S3 without storing keys?
👉 By assigning an IAM Role to EC2 instance. AWS automatically provides temporary credentials.

Q5: Can S3 be used for hosting static websites?
👉 Yes ✅. Enable "Static Website Hosting" in bucket properties and upload HTML/CSS/JS files.

Q6: What are S3 storage classes?
👉 Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier, Glacier Deep Archive.

Q7: What is the durability of S3?
👉 99.999999999% (11 9’s).

🔹 Key Takeaways

IAM ensures secure access control.
S3 provides reliable object storage.
Together, they are the foundation of secure DevOps pipelines.
Interviewers often test your ability to explain AND implement these basics.

🔮 Coming Next:

👉 Day 20 → CI/CD + Automation

Stay tuned — things are getting more hands-on and automation-driven now 🚀.

✅ If you found this useful, follow my 30 Days of DevOps Interview Prep Challenge here on Hashnode and LinkedIn.
💬 Comment your questions — I’ll include them in upcoming posts!

#DevOps #AWS #IAM #S3 #InterviewPreparation #CloudComputing #30DaysOfDevOps

🚀 Day 19 of 30 Days DevOps Interview Prep Challenge