Granting Amazon S3 permission by bucket

Quick Note

I was setting up an AWS S3 bucket and would like to share the access to my colleague.

It's quite effortless but somehow I needed to go over the docs for serval times and set up some extra stuffs.

This serves as a note for myself and anyone who needs.

For settings in detail, you can read the docs about how to manage access to your Amazon S3 Resources


I want to share bucket-a and bucket-b to my colleague Boris.


Create IAM Policy in the console

Then visit the AWS IAM console

In the policy tab, you will see many default policy (you can filter out by "S3", however there are no rules that based on buckets). So, let us create a new policy.

Select Policy Generator , it helps us to generate the policy document as specified.

Policy for the buckets

AWS Policy Generator is a handy tool to get the IAM policy document generated.

Since we are working with S3, we need to know the Amazon Resource Names (ARNs) of our buckets.

<!-- Object in an Amazon S3 bucket -->

so in my case, I need to specify:


The policy generated as following:

  "Id": "Policy1487658810754",
  "Version": "2012-10-17",
  "Statement": [
      "Sid": "Stmt1487658775540",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
      "Principal": "*"

For example, we give it the name AmazonS3BucketABucketBAccess. You can now see the policy on the list of policies in the IAM Console.

Grant a user the permission

Now, go to the Users tab in the IAM console.
Search for the user nad edit his/her permission.

If the user does not exist yet, create a user first by clicking the Add User button. I advice to select the Access Type as "Programmatic access", so it doesn't generate a set of usernams / password for the user to login to the console.

Now, we can add the above created permissions to the user.
Among "Add user to group", "Copy permissions from existing user" and "Attach existing policies directly", we will choose "Attach existing policies directly" this time.

You will see the policy AmazonS3BucketABucketBAccess we created just now in the list.

Just select the policy and attach it to the user.

Alternatively, you can create a Group

... then add the user into the group. Users in the group will be granted the same level of permission as the group specified.

To access the bucket

You will need API Key ID and API Secret to access to the bucket.
The above info can be found in the IAM Console > Users > Select the User > Security credentials > Access keys.

We need to create a pair of Access key ID and secret for the user to get the right access.

Once it's ready, you will see the status of the Access Keys.


If you need to grant the user console access, make sure you also grant him/her the list all bucket permission.

Ref: StackOverflow: Amazon S3 IAM User can' access S3 bucket

        "Sid": "ListAllBuckets",
        "Action": "s3:ListAllMyBuckets",
        "Effect": "Allow",
        "Resource": "*"

Hope it helps ;)

comments powered by Disqus

Make a single page landing site for my App with Appsite

After releasing an app on App Store, we often need some marketing effort to drive the visitor traffic. It would be solely depend on ASO(App Store Optimizaton) if we don't have an external site on the Internet.

There are various ways to build landing pages for the app. I particularly find Appsite very easy to use.

Just search the published app, Appsite will generate a single page landing page for the app selected.

It's also nice I can choose among the templates

I can change theme colour and update the screenshots - if everything from the App Store is not satisfying enough.

Finally I got the single page website for my app ins within 3 minutes.

See the site I generated in action:

Try it out

If you have your iOS or Android app and wish to build a website, it'd be nice to try Appsite out.

comments powered by Disqus

Telegram Stickers

I (and my friends) fancy the stickers in Telegram a lot. That's actually how I pitched groups of my friends migrated from other WhatsApp to Telegram - just because it supports stickers.

Of course, Telegram is also a fast, rich and secure instant messenger app with an insanely smooth user interface.

First introduction of stickers

The first set of stickers was introduced in January 2015.

Telegram planned to offer stickers in for free:

All our stickers are and will be completely free, and you can always create and share your own stickers.

At first, there is only one set of official sticker on Telegram.

Make and submitting custom stickers

Since May 2015, artists can submit sticker sets to Telegram. I created a set of cat's sticker with our own cats, and the sticker attracted a large group of friends starting to use Telegram.

Submitting stickers doesn't require permissions nor approvals like Line / iMessage or other platforms do.

It's awesome to encourage sticker creation and sharing.

Distribution sites and channels

Since there is no official store in Telegram, distribution of stickers becomes a problem.

Then it appears loads of sites that list and distribute stickers for free.

Upon simple googling, I found many sticker catelog sites.

Stickers' original creator has no way to stop from people who steals

Despite Telegram wanted to create a open, free and limitless eco-system for stickers.

Open and free stickers seem to be great for consumers. Everyone can submit stickers and others can add them with a public link.

Submitter != creator

Sometimes, the one who submit the sticker might not be the original artist. They just download existing sticker packs from other platforms and upload them to Telegram.

"At least the stickers are for free and it doesn't be made profitable to anyone" - some may think.

Similar to freeware, being free doesn't imply you have the right to use the original work without permission.


The Bac Bac's Diray sticker is popular on Line by artist Darylhochi.


The complete pack of stickers can be added with this link: . However, Darylhochi claimed on their Facebook post that the stickers are not uploaded by them.

Unlike other platforms, there is no way to prevent users from re-distributing copyright protected artworks as stickers.

Stickers are great, I hope they can be better.

Telegram may not have a plan to set up a sticker store yet. But as a creator, Telegram should to take some action to make sure creativity and effort of creators from the world is well-repected.

David Ng, Product Manager at

comments powered by Disqus




1) 開 Remote 的會議,會逼使你準備得更仔細




2) 比起分心做幾件事,更應該專注做好一件事

人通常要分心去做不同的tasks,Context Switching 使人腦殘。但想說的不是不能分心去同時做幾個task,而是:不能分心去走幾個方向。

3) 記著初衷,有一個簡單的方法:寫一個 motto,然後把它牢記

Hakuna Matata!
Hakuna Matata?

Yeah. It's our motto!
What's a motto?

Nothing. What's a-motto with you?
Those two words will solve all your problems

A motto will solve all your problems.
在迷失方向時,要問自己:「做緊咩」同埋「點解要咁做」的時候,簡短而有警惕性的 motto 便有用了。

"More good times."
"Never quits."
"Hakuna Matata."

comments powered by Disqus

Absurdity - 西西弗斯的荒謬哲學



Take 了《死亡與不朽》後,馬上多了一個由九半到八半的死亡星期三(因為Tutorial 在六半至八半的JQ period orz)。




while(stone_not_at_top) {


if(stone_near_top) {










(1) 人生→客觀的人生意義其實不存在 →人生其實是荒謬的
(2) 人生→尋找人生意義→認知人生意義並不客觀地存在→ 感到荒謬(其實較近似迷茫)

所以呢,在(2) 中,如果在這些步驟之中斷開了的話,是不會碰到這種「荒謬感」的。

比如說:沒有展開人生、從來沒有尋找過人生的意義(有許多可能性,例:本身尋找「意義」的意識薄弱)、 找到/定義了「主觀」的人生意義,而沒有認知到人生意義的客觀不存在,都未會引發荒謬感來襲的感覺。

0) 沒有在推石;
1) 從來並沒有想過他在推石的意義;
2) 有去想推石的意義,並自行賦予了他一個意義(例:健身);
3) 有去想推石的意義,並知道這是重覆而沒意義的。

以上只有3) 符合到卡繆提出造成荒謬感的條件。一旦它真的出現了,那人們應該怎去應對?




就像那個無限loop program也許只有跑到直至沒有電源或這人手停只才能安息。如果你問我它可以有甚麼客觀意義?可真是沒有的。



悲觀(或是樂觀) 地來說,享受推石中的過程、在當中尋找到推石以外的樂趣(例如欣賞風景),把天神的「懲罰」蔑視成為一個過程,就已是一種對於不可抗命運的「反抗」。

「One must imagine Sisyphus happy.」-文章最後這樣寫道。





comments powered by Disqus