Overview

This guide details the steps required for users to grant MyMagic API read and write access to their AWS S3 bucket. This process ensures secure and controlled access, adhering to AWS best practices.

MyMagic API requires access to your S3 bucket to store and retrieve files for batch inference. To get that access, the application assumes an IAM role that you create and that grants only the permissions needed to interact with your S3 bucket. The API will read all the files in the bucket folder and write the inference results to the same bucket folder under the name “ai_reponse.json” with a timestamp.

Prerequisites

  • An AWS account with access to the S3 service.
  • An S3 bucket to which MyMagic API requires access.

Step 1: Create an IAM Policy for Bucket Access

  1. Log in to your AWS Management Console and navigate to the IAM service.
  2. In the IAM dashboard, go to Policies and select Create policy.
  3. Use the JSON editor to create a policy with the necessary permissions. Here is a policy that should be enough:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}
  4. Replace your-bucket-name with the name of your S3 bucket.
  5. Click Review policy, give it a name, and create the policy.

Step 2: Create an IAM Role for MyMagic API

  1. In the IAM dashboard, go to Roles and select Create role.
  2. For the trusted entity type, choose AWS account, then select Another AWS account from the account options.
  3. Enter the MyMagic AWS Account ID: 537808082884
  4. Attach the policy you created in Step 1 to this role.
  5. Review and create the role. Note the Role ARN as it will be needed later.

Step 3: Provide Role ARN to MyMagic API

Use the Role ARN securely with MyMagic API when making calls. This enables the application to assume the role and interact with your S3 bucket.

Adherence to Security Best Practices

  • The IAM policy grants only the permissions that MyMagic API needs.
  • The IAM role and its attached policies adhere to the principle of least privilege.
  • The IAM role is assumed only by MyMagic API.
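
The three claims above can be checked against the role you actually created. The following is an added example, not MyMagic's own code: it audits a role's trust policy and its permission policy against the account ID from Step 2 and the action set from Step 1. The function names and the bucket name example-batch-bucket are assumptions, and the sample policies are constructed.

```python
MYMAGIC_ACCOUNT = "537808082884"  # account ID from Step 2
STEP1_ACTIONS = {"s3:getobject", "s3:putobject", "s3:deleteobject", "s3:listbucket"}

def _listify(value):
    # IAM accepts a single value or a list for Statement, Action, Resource and Principal.
    return value if isinstance(value, list) else [] if value is None else [value]

def _allows(policy):
    return [s for s in _listify(policy.get("Statement")) if s.get("Effect") == "Allow"]

def audit_trust(policy, account=MYMAGIC_ACCOUNT):
    """Flag every principal in the trust policy other than the one expected account."""
    accepted = {account, f"arn:aws:iam::{account}:root"}
    findings = []
    for stmt in _allows(policy):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # a bare "*" or a missing Principal
            findings.append(f"trust: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            findings += [f"trust: unexpected principal {kind}={p}"
                         for p in _listify(values) if kind != "AWS" or p not in accepted]
    return findings

def audit_permissions(policy, bucket):
    """Flag actions outside the Step 1 set and resources outside the named bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in _allows(policy):
        findings += [f"permissions: extra action {a}"
                     for a in _listify(stmt.get("Action")) if a.lower() not in STEP1_ACTIONS]
        findings += [f"permissions: resource outside bucket {r}"
                     for r in _listify(stmt.get("Resource"))
                     if r != arn and not r.startswith(arn + "/")]
    return findings

# Constructed samples: the trust document in the form the console writes for an
# "Another AWS account" role, the Step 1 policy, and an over-broad variant of each.
BUCKET = "example-batch-bucket"  # assumed bucket name
TRUST_OK = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{MYMAGIC_ACCOUNT}:root"}, "Action": "sts:AssumeRole"}]}
PERMS_OK = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}
TRUST_BROAD = {"Statement": {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}}
PERMS_BROAD = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for trust, perms in [(TRUST_OK, PERMS_OK), (TRUST_BROAD, PERMS_BROAD)]:
        print(audit_trust(trust) + audit_permissions(perms, BUCKET) or "no findings")
```

To audit a live role, pass in the AssumeRolePolicyDocument returned by `aws iam get-role` and the Document returned by `aws iam get-policy-version` in place of the constructed samples.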

Need Help?

If you encounter any issues or have questions, please reach out to [email protected]