Skip to contents

High level six functions

Source: vignettes/six.Rmd
six.Rmd

High level sixtyfour functions - or “magical” methods - or we can call them “six methods” after the package name sixtyfour - are higher level functions to make your life easier.

It can perhaps best be understood by way of an example.

The function aws_user_create() creates a new user. However, there’s some basic housekeeping that needs to be done for a new user to be truly useable. First, the just created user can’t get information on herself. Second, the user has no credentials by default for accessing AWS programatically.

To create a smoother user experience six_user_create() creates a new user, including a) creating the appropriate policies if they don’t exist yet, b) attaching the policies to the created user, and c) creating an AWS Access Key for the user (and copy an email template to your clipboard with the details the new user needs).

Load sixtyfour

All the magical methods

Here are all the magical methods:

#>  - six_admin_setup
#>  - six_bucket_add_user
#>  - six_bucket_change_user
#>  - six_bucket_delete
#>  - six_bucket_permissions
#>  - six_bucket_remove_user
#>  - six_bucket_upload
#>  - six_file_upload
#>  - six_group_delete
#>  - six_user_create
#>  - six_user_creds
#>  - six_user_delete

Notes about magical methods

All of these methods have a force parameter that accepts TRUE or FALSE. The default is FALSE in which case you are given a prompt in your R session asking you to confirm that you really do want to create a bucket of a particular name. Sometimes you supply the bucket name, while other magic methods figure out a bucket name from an S3 file path (e.g., s3://bucketname/some/file.csv). Because we want this vignette to compile without human interaction, we’re using force=TRUE, so you won’t see the prompots that you’ll see when you use these functions interactively.

S3 magical methods

Make a random bucket name

bucket1 <- random_bucket()

Upload to a bucket

A file

demo_rds_file <- file.path(system.file(), "Meta/demo.rds")

A directory with files

tdir <- path(path_temp(), "mytmp")
dir_create(tdir)
invisible(purrr::map(letters[1:13], \(l) file_create(path(tdir, l))))
dir_tree(tdir)
#> /var/folders/qt/fzq1m_bj2yb_7b2jz57s9q7c0000gp/T/RtmpILqIPZ/mytmp
#> ├── a
#> ├── b
#> ├── c
#> ├── d
#> ├── e
#> ├── f
#> ├── g
#> ├── h
#> ├── i
#> ├── j
#> ├── k
#> ├── l
#> └── m

Upload both the file and the directory of files to bucket1: bucket-yiqxfbrczesdmuwo

six_bucket_upload(path = c(demo_rds_file, tdir), remote = bucket1)
#>  [1] "s3://bucket-yiqxfbrczesdmuwo/demo.rds"
#>  [2] "s3://bucket-yiqxfbrczesdmuwo/mytmp/a"
#>  [3] "s3://bucket-yiqxfbrczesdmuwo/mytmp/b"
#>  [4] "s3://bucket-yiqxfbrczesdmuwo/mytmp/c"
#>  [5] "s3://bucket-yiqxfbrczesdmuwo/mytmp/d"
#>  [6] "s3://bucket-yiqxfbrczesdmuwo/mytmp/e"
#>  [7] "s3://bucket-yiqxfbrczesdmuwo/mytmp/f"
#>  [8] "s3://bucket-yiqxfbrczesdmuwo/mytmp/g"
#>  [9] "s3://bucket-yiqxfbrczesdmuwo/mytmp/h"
#> [10] "s3://bucket-yiqxfbrczesdmuwo/mytmp/i"
#> [11] "s3://bucket-yiqxfbrczesdmuwo/mytmp/j"
#> [12] "s3://bucket-yiqxfbrczesdmuwo/mytmp/k"
#> [13] "s3://bucket-yiqxfbrczesdmuwo/mytmp/l"
#> [14] "s3://bucket-yiqxfbrczesdmuwo/mytmp/m"

File upload

Now that we have a bucket, we can upload a file to the existing bucket with six_file_upload.

links_file <- file.path(system.file(), "Meta/links.rds")
six_file_upload(links_file, bucket1)
#> [1] "s3://bucket-yiqxfbrczesdmuwo/links.rds"

Add a user to a bucket

Now that we created a bucket, and added some files, let’s add a user to this bucket.

Create a random user name and create the user in AWS.

user1 <- random_user()
aws_user_create(user1)
#> # A tibble: 1 × 6
#>   UserName         UserId    Path  Arn   CreateDate          PasswordLastUsed
#>   <chr>            <chr>     <chr> <chr> <dttm>              <dttm>
#> 1 CandiedMeasureme AIDA22PL… /     ***** 2025-03-12 22:41:35 NA

Now add the user to the bucket so they can access it with the permissions we’re assigning to them.

six_bucket_add_user(
  bucket = bucket1,
  username = user1,
  permissions = "read"
)
#> ✔ CandiedMeasureme now has read access to bucket bucket-yiqxfbrczesdmuwo

Get all user permissions for a bucket

You’ll often want to get a summary of the permissions on a given bucket. six_bucket_permissions() gives you that summary.

#> # A tibble: 1 × 4
#>   user             permissions policy_read                          policy_admin
#>   <chr>            <chr>       <chr>                                <chr>
#> 1 CandiedMeasureme read        S3ReadOnlyAccessBucketyiqxfbrczesdm… <NA>

Change a user’s permissions for a bucket

After adding a user to a bucket you may want to change their permissions - for example, if they had read access only but need admin, or vice versa. The magic function six_bucket_change_user() is meant for these kinds of use cases.

First, let’s see what permissions user1 has right now using the previous magic function we learned about:

#> # A tibble: 1 × 4
#>   user             permissions policy_read                          policy_admin
#>   <chr>            <chr>       <chr>                                <chr>
#> 1 CandiedMeasureme read        S3ReadOnlyAccessBucketyiqxfbrczesdm… <NA>

user1 has read access, but we’d like to change that to write access:

six_bucket_change_user(
  bucket = bucket1,
  username = user1,
  permissions = "write"
)
#> ✔ CandiedMeasureme now has write access to bucket bucket-yiqxfbrczesdmuwo

six_bucket_change_user() returns inivisibly. Let’s check the permissions for this user and bucket after this change:

#> # A tibble: 1 × 4
#>   user             permissions policy_write                       policy_admin
#>   <chr>            <chr>       <chr>                              <chr>
#> 1 CandiedMeasureme write       S3FullAccessBucketyiqxfbrczesdmuwo <NA>

Remove a user from a bucket

You may at some point want to remove a user from a bucket that you’ve previously added. The magic function six_bucket_remove_user() helps you do just that.

six_bucket_remove_user(bucket1, user1)
#> ✔ CandiedMeasureme access to bucket-yiqxfbrczesdmuwo has been removed

Delete a bucket

Finally, there’s a magic function to make deleting a bucket easier. For good reason AWS doesn’t allow a bucket to be deleted if it has obejcts. six_bucket_delete() helps you delete a bucket by cleaning out any objects with prompts. Though, you can force deletion as well.

First, create a bucket with some objects

bucket2 <- random_bucket()
aws_bucket_create(bucket2)
#> [1] "http://bucket-vgbwzxqafyoudnpc.s3.amazonaws.com/"
demo_rds_file <- file.path(system.file(), "Meta/demo.rds")
links_file <- file.path(system.file(), "Meta/links.rds")
aws_file_upload(
  c(demo_rds_file, links_file),
  s3_path(bucket2, c(basename(demo_rds_file), basename(links_file)))
)
#> [1] "s3://bucket-vgbwzxqafyoudnpc/demo.rds"
#> [2] "s3://bucket-vgbwzxqafyoudnpc/links.rds"
aws_bucket_list_objects(bucket2)
#> # A tibble: 2 × 8
#>   bucket         key   uri     size type  etag  lastmodified        storageclass
#>   <glue>         <chr> <glu> <fs::> <chr> <chr> <dttm>              <chr>
#> 1 bucket-vgbwzx… demo… s3:/…    256 file  "\"7… 2025-03-12 22:42:11 STANDARD
#> 2 bucket-vgbwzx… link… s3:/…  13.2K file  "\"0… 2025-03-12 22:42:11 STANDARD

Then delete the bucket

#> ℹ deleting bucket bucket-vgbwzxqafyoudnpc

IAM magical methods

Right now we have magical methods for IAM related to managing user groups (six_admin_setup()) and users (six_user*() functions).

Admin setup

six_admin_setup() is a helper function for administrators of AWS accounts. It creates an admin and a user group with the idea that many administrators are going to want two basic groups of people associated with their AWS account: users and admins, where users only have read and maybe write access, while admins have additional permissions in addition to reading and writing. To these two groups (users and admins) this function adds a set of five policies each that give appropriate levels of permissions for each group. You can of course change the policies, but we think these are a good default set of policies.

six_admin_setup(users_group = "myusers", admin_group = "myadmin")
#> ℹ whoami: *****
#> ℹ
#> ℹ myusers group created - add users to this group that do not require admin permissions
#> ℹ Added policies to the myusers group: AmazonRDSReadOnlyAccess, AmazonRedshiftReadOnlyAccess, AmazonS3ReadOnlyAccess,
#> AWSBillingReadOnlyAccess, and IAMReadOnlyAccess
#> ℹ
#> ℹ myadmin group created - add users to this group that require admin permissions
#> ℹ Added policies to the myadmin group: AdministratorAccess, Billing, CostOptimizationHubAdminAccess, AWSBillingReadOnlyAccess, and
#> AWSCostAndUsageReportAutomationPolicy
#> ℹ
#> ℹ Done!

User management

There’s currently 3 magic functions for managing users:

#>  - six_user_create
#>  - six_user_creds
#>  - six_user_delete

six_user_creds() is a helper function to create credentials for an existing users - credentials being an AWS secret access key and corresponding access key ID. That function is used inside of six_user_create() to create credentials for a new user. Let’s see how it works. six_user_create() will:

  • Create a new user
  • Add a new UserInfo policy to your account if doesn’t exist yet
  • Attach the UserInfo policy to the newly created user
  • Grants an access key to the new user, copying an email template to your clipboard
user2 <- random_user()
six_user_create(user2)
#> ℹ Added policy UserInfo to VanillaFries
#> ✔ Key pair created for VanillaFries
#> ℹ AccessKeyId: *****
#> ℹ SecretAccessKey: *****

It can’t be shown here, but an email template is copied to your clipboard with the new credentials so you can give them to the person that is associated with the new user, whether that be via email, chat, or other means.

You can also delete a user. If a user has any attached policies or access keys the user can not be deleted. six_user_delete() does those tasks for you then deletes the user:

six_user_delete(user2)
#> ℹ Policy UserInfo detached
#> ✔ Access Key ID ***** deleted
#> ℹ VanillaFries deleted