How to Do AWS S3 Bucket Setup on Claude Code

You can set up an AWS S3 bucket directly inside Claude Code by prompting it to scaffold the AWS CLI commands, bucket policies, IAM roles, and infrastructure-as-code files you need. It works best when you already have the AWS CLI installed and credentials configured. Claude Code handles the scaffolding, policy JSON, and SDK calls so you spend less time reading docs and more time shipping.

• Requires: AWS CLI v2, an IAM user or role with S3 permissions, and a Claude Pro or Max plan
• Average setup time with Claude Code: under 5 minutes for a standard bucket with versioning and public-access blocking
• Claude Code can generate Terraform, CDK, CloudFormation, or raw CLI commands depending on your stack

What you need before starting

Before asking Claude Code to scaffold anything, make sure the following are in place in your terminal environment:

• AWS CLI v2 installed and on your $PATH (run aws --version to confirm)
• Credentials configured via aws configure or an assumed IAM role. Claude Code reads from your shell environment, so whatever is active in your terminal is what it will use.
• A Claude Pro or Max subscription. S3 setup tasks involve multiple back-and-forth steps; you will burn through free-tier messages quickly. See using Claude Code with Pro or Max for plan details.
• A target AWS region in mind (e.g., us-east-1, eu-west-2). S3 bucket names are globally unique, so pick your region before you start.

How to set up an S3 bucket using Claude Code: step by step

1. Open Claude Code in your project directory

Launch Claude Code from the terminal at the root of your project. This gives it context about your stack (Node, Python, Go, etc.) and any existing infrastructure files like terraform/ or cdk.json.

2. Describe what you need in plain language

Be specific with your prompt. The more context you give, the better the output. Examples that work well:

• "Create an S3 bucket called my-app-assets in us-east-1. Block all public access. Enable versioning. Tag it with env=production."
• "Set up an S3 bucket for static website hosting with a bucket policy that allows public read, and output the CLI commands to do it."
• "Generate a Terraform module for an S3 bucket with server-side encryption using SSE-S3, lifecycle rules to move objects to Glacier after 90 days, and an IAM policy for a Lambda function to write to it."

3. Let Claude Code generate the commands or IaC files

Claude Code will produce one of the following depending on what you ask for:

• Raw AWS CLI commands: aws s3api create-bucket, aws s3api put-bucket-versioning, aws s3api put-public-access-block, etc. These are ready to copy-paste and run.
• Terraform HCL: An aws_s3_bucket resource block with associated aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, and IAM policy documents.
• AWS CDK (TypeScript or Python): A s3.Bucket construct with props for encryption, versioning, removal policy, and CORS if needed.
• CloudFormation YAML: A AWS::S3::Bucket resource with properties and an optional AWS::S3::BucketPolicy.

4. Review the bucket policy and IAM output carefully

Claude Code is good at generating policies, but always review them before applying. Common things to double-check:

• The Principal in any bucket policy (avoid "*" unless you explicitly need public access)
• CORS rules, especially if you are setting up a frontend that calls S3 directly
• The DeletionPolicy in Terraform or CDK (defaulting to Destroy in dev, Retain in production)

5. Run or apply the output

For CLI commands, execute them directly in your terminal. For Terraform, run terraform init and terraform apply. Claude Code can also write a short shell script wrapper if you want to parameterize the bucket name or environment.

6. Verify the bucket

Ask Claude Code to generate a quick verification snippet: aws s3 ls s3://your-bucket-name or a small SDK script that uploads a test file and reads it back. This confirms permissions are correct end-to-end.

Useful slash commands for this workflow

Claude Code's slash commands speed up the S3 setup process:

• /init: Sets up a CLAUDE.md file in your project so Claude Code knows your AWS region, preferred IaC tool, and naming conventions from the start
• /clear: Resets context if the conversation has drifted and you want a clean slate for a new bucket or policy
• /usage: Shows your current Claude Code message usage so you do not get cut off mid-task. See the full Claude Code slash commands list for more.

Common S3 configurations Claude Code handles well

Use case	What to ask for	Key resource/option
Static website hosting	"Set up S3 for static site with CloudFront"	aws_s3_bucket_website_configuration
Private app assets	"Bucket with presigned URL access only"	Block public access + IAM role
Data lake / log storage	"Bucket with lifecycle rules and Glacier tiering"	aws_s3_bucket_lifecycle_configuration
Cross-account access	"Bucket policy to allow reads from account 123456"	Resource-based policy with Principal.AWS
Replication	"Replicate this bucket to eu-west-1 for DR"	aws_s3_bucket_replication_configuration

Avoiding the mid-task usage lockout

S3 setup in Claude Code often involves several rounds: create the bucket, fix the policy, add encryption, wire up IAM. That's enough back-and-forth to push you close to your hourly usage limit. Claude's usage limits reset on a rolling 5-hour window, and hitting the cap mid-task means waiting with an incomplete setup.

Usagebar sits in your macOS menu bar and shows your Claude Code usage in real time. It sends notifications at 50%, 75%, and 90% so you know when to wrap up a task or save your progress before the window resets. It stores your credentials securely in the macOS Keychain, and it's free for students with a pay-what-you-want model for everyone else. No more context-switching to the browser to check claude.ai/settings/usage mid-task.

You can also type /usage inside Claude Code at any point to get a quick read on where you stand. For a persistent, at-a-glance view while you work, Get Usagebar.

Tips for better results

• Provide your IaC tool upfront: Say "using Terraform 1.7" or "using AWS CDK v2 TypeScript" so Claude Code doesn't guess. This avoids deprecated resource names and mismatched API versions.
• Mention existing infrastructure: If you already have a VPC, an existing IAM role, or a naming convention like company-env-service, tell Claude Code. It will reference the right resources instead of creating duplicates.
• Ask for outputs: "Also output the bucket ARN and name as Terraform outputs" saves you from writing boilerplate yourself.
• Iterate in one session: Keep the conversation in one Claude Code session. It maintains context across follow-up prompts, so you can say "now add a CORS rule for https://myapp.com" and it will edit the existing file rather than starting over.
• Use /init to document conventions: If you run multiple S3 setup tasks across projects, the CLAUDE.md file generated by /init lets you define persistent context so Claude Code always knows your preferred patterns.

Key takeaways

1. Install and configure the AWS CLI before starting; Claude Code inherits your shell credentials.
2. Specify your IaC tool (Terraform, CDK, CloudFormation, or raw CLI) in your first prompt.
3. Use descriptive prompts: bucket name, region, access pattern, encryption, and tagging in one message.
4. Always review generated IAM policies and bucket policies before applying them.
5. Use /usage or Usagebar to track your message budget so a multi-step S3 task doesn't get cut off mid-run.
6. Use /init to store AWS conventions in CLAUDE.md for repeatable, consistent results.

Sources

• https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
• https://support.claude.com/en/articles/11145838-using-claude-code-with-your-pro-or-max-plan
• https://support.claude.com/en/articles/9797557-usage-limit-best-practices
• https://claude.ai/settings/usage