The IAM Manager requires extended “iam” permissions to work with IAM users, policies and groups.

What IAM policy is assigned to your IAM user?

Unfortunately I have no idea but I am guessing not the proper policy.
What confuses me is that access currently is using key and secret key pair.

Access and secret keys are one of the way you connect to Amazon S3 as a IAM user. You can contact your manager/responsible person who has a master account and granted you the access and secret keys to find out your IAM policy and whether it is an option for you to extend your permissions.

that would be me... so it is the blind leading the blind at the moment
thanks

I am using PHP to upload/download files. do I need to create separate users for this?

you can use the same access / secret keys to run uploads. The only thing that your IAM user should have enough permissions to upload/download.

if I want/prefer to have a separate set of keys that can use that have read only permission how do I go about that? I created user/iam but can't assign that userid to anything in ACL

If you are master account, you can use IAM Manager to create as many IAM users as you want with different permissions. There you can also generate access and secret keys for those IAM users and, finally, use IAM users access/secret keys for different purposes that you have.

Julia,
thanks for responding helping

I created users in IAM and got keypair. so when I go to the bucket to give this new userID i created in IAM permissions, it says invalid id

Could you please provide a screenshot that demonstrates the issue? Thanks!

here u go
thanks

I was sure you have been working with CloudBerry Explorer all the time :)
Let's start from scratch then - what would you like to configure and to do next with the users?

I have cloudberry explorer sorry

I have several buckets. I have different websites that i am going to store data in based on website as to which bucket it goes.
I am currently using keypair for master user, ME,
I would like to have different keypair for the different buckets
plus prefer that the websites using s3 SDK only have read/write permissions

again thanks.

i have dealt with windows server permissions but this is crazy new

You can register your master Amazon S3 account in CloudBerry Explorer and configure any IAM user that you want.
If you need those IAM users be able to use IAM manager as well, you should grant them required permissions (i.e. "iam:*").
If you would like those IAM users be able to access certain buckets only, so you can grant them full access for those buckets and no need for "iam" permissions then.

I believe I have done this already. I can browse my buckets and add/delete files. just if i go to IAM manager in Cloudberry i get the error and cannot add users

Are you working under the master Amazon S3 account. The master account has full permissions for all actions. You can check what policies/permissions you have in the AWS Management Console where you generated the access/secret keys.

I am the one that created it and the only user. in Cloudberry i entered in the keys to access. i am thinking based on what you said that is wrong?

What permissions does that account have (check the AWS Management Console where you created it)? It seems you need to grant it "iam:*" permissions there.

Julia,

again I am sorry for the confusion and appreciate your helping.

to clarify. my email is my aws UserID. I an log into the AWS console and get to the dashboard.

Please check the instructions here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#by-direct-attach-policy how to add permissions to the user.