Getting Started with AWS S3 and ezS3
Connect AWS S3 to ezS3 for secure team file access without IAM complexity. Configure buckets, roles, and browser uploads in minutes.
AWS S3 is the most popular object storage service, but setting up team access often means navigating the complex IAM console. With ezS3, you can give your team secure access to S3 buckets in minutes.
Prerequisites
Before you begin, make sure you have:
- An AWS account with S3 access
- An existing S3 bucket (or create one through the AWS console)
- Your AWS Access Key ID and Secret Access Key
Step 1: Create an IAM User
While ezS3 eliminates IAM complexity for your team, you’ll need one IAM user with S3 access to connect ezS3 to your bucket.
- Go to the AWS IAM Console
- Create a new IAM user
- Attach the AmazonS3FullAccess policy (or create a custom policy for specific buckets)
- Create access keys for the user
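For the custom-policy option, a bucket-scoped policy keeps the ezS3 key away from every other bucket in the account. The generator below is an added example, not ezS3's own code: the action lists are an assumption (the page does not say which S3 actions ezS3 calls), and `team-files-example` is a constructed bucket name.

```python
import json
import re

# Assumed action sets: the page does not list the S3 actions ezS3 needs,
# so treat these as a starting point and adjust if "Access Denied" appears.
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
CORS_ACTIONS = ["s3:GetBucketCORS", "s3:PutBucketCORS"]  # only for CORS auto-update
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

# General-purpose bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
_BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def build_policy(buckets, allow_cors_update=True, read_only=False):
    """Return an IAM policy dict limited to the named buckets."""
    if not buckets:
        raise ValueError("name at least one bucket")
    for name in buckets:
        # Rejects wildcards and full ARNs, which would silently widen the scope.
        if not _BUCKET_RE.fullmatch(name):
            raise ValueError(f"not a valid bucket name: {name!r}")

    bucket_arns = [f"arn:aws:s3:::{b}" for b in buckets]
    object_arns = [f"arn:aws:s3:::{b}/*" for b in buckets]
    bucket_actions = BUCKET_ACTIONS + (CORS_ACTIONS if allow_cors_update else [])
    object_actions = ["s3:GetObject"] if read_only else OBJECT_ACTIONS

    return {
        "Version": "2012-10-17",
        "Statement": [
            # Bucket-level actions must target the bucket ARN itself.
            {"Sid": "BucketLevel", "Effect": "Allow",
             "Action": bucket_actions, "Resource": bucket_arns},
            # Object-level actions must target keys under the bucket (bucket/*).
            {"Sid": "ObjectLevel", "Effect": "Allow",
             "Action": object_actions, "Resource": object_arns},
        ],
    }


if __name__ == "__main__":
    print(json.dumps(build_policy(["team-files-example"]), indent=2))
```

This policy does not grant `s3:ListAllMyBuckets`, so enter the same bucket names under Bucket scopes in Step 2 rather than leaving that field blank.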
Step 2: Connect AWS S3 to ezS3
- Log in to your ezS3 account and go to Storage Providers.
- Click Add Provider and select AWS S3.
- Fill in the form:
  - Endpoint — Your bucket’s S3 endpoint (e.g. https://s3.us-east-1.amazonaws.com for us-east-1; use the region where your bucket lives).
  - Region — The AWS region (e.g. us-east-1).
  - Bucket scopes (optional) — Leave blank to let ezS3 list all buckets the key can access, or enter a comma-separated list of bucket names to restrict the connection.
  - Access key ID and Secret access key — From Step 1.
- Leave Allow ezS3 to update bucket CORS settings (recommended) on. When you save or test the connection, ezS3 can add the ezs3.net origin to your bucket’s CORS policy so team members can upload and download from the browser without extra setup. If you prefer to manage CORS yourself, turn this off and configure CORS in the AWS console (see troubleshooting below).
- Save and then assign buckets to roles.
Step 3: Set Up Team Access
Once connected, you can:
- Create roles with specific permissions (read-only, upload, delete)
- Assign team members to roles
- Set up folder-level access restrictions
Security Best Practices
- Rotate credentials regularly: Use AWS Secrets Manager or set reminders
- Use bucket policies: Restrict access to specific IP ranges or VPC endpoints
- Enable versioning: Protect against accidental deletions
- Set up logging: Monitor access through CloudTrail
Troubleshooting
“Access Denied” errors?
- Verify your IAM user has the correct permissions
- Check that the endpoint and region match your bucket
- Ensure any bucket policies don’t conflict
Can’t see files?
- Verify the bucket isn’t empty and is included in bucket scopes (if you set them)
- Check that you’re using the correct region and endpoint
Browser uploads blocked (CORS)?
If you turned off CORS auto-update, add a CORS rule in the S3 console. Example (Bucket → Permissions → CORS):
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
"AllowedOrigins": ["https://ezs3.net"],
"ExposeHeaders": []
}
]
Ready to get started? Sign up for ezS3 and connect your first S3 bucket today.