This is internal documentation. There is a good chance you’re looking for something else. See Disclaimer.

S3 User for Developers

This document describes how to create a user account for a developer and how to set ACLs and policies properly.

Naming Convention for Developers

S3 user name

dev-${EMPLOYEE_SHORT_NAME} (see Employee Short Name)


The prefix dev- is used by Ansible to recognize developers and grant permissions accordingly.

Create User


tco create-user ${NAME}

Remove User


tco remove-user ${NAME}

Show User Details


tco show-user ${NAME}

The access_key and secret_key values correspond to the s3.main.accessKeyId and s3.main.secretAccessKey, respectively, within the file.

See also S3 Storage Design Overview.

Set Permissions via Ansible

Permissions are set by Ansible automatically. It detects developer user accounts by the dev- prefix in their name. Run the playbook to apply them:

$ cd ${ANSIBLE_GIT_REPO}/tocco
$ ansible-playbook playbook.yml -t s3

See also: Ansible: Usage