1) Go to https://console.aws.amazon.com/iam/home?#/users and create new user then press next

2) Set permissions for your user by Attach one or more existing policies directly and then press next

3) Check if everything is ok and press create user

4) All done, save your Access key ID and Secret access key

You can see all your credentials here https://console.aws.amazon.com/iam/home?#/users (1 user = 1 credential)

Now you can use this credential and it will have access only for s3 operations, all other operations will fail to process (like creating EC2 instances).

It is good practice to use different (and restricted) credentials (that means different users, because 1 user = 1 credential) for different apps so you can always control all your AWS usage per app.

Additional reading:

• Restrict Steps https://www.netguru.co/blog/my-first-5-minutes-on-an-aws-account
• Best Security Practices by amazon https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html?icmpid=docs_iam_console