On this page

TLDR

Create a bucket in AWS Console
Create a custom policy in AWS Console with the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:GetObjectAcl",
        "s3:PutObjectAcl",
        "s3:PutObject"
      ],
      "Resource": [
        // rewrite your-bucket-name with your bucket name
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}

Create an IAM user in AWS Console & attach the policy from the previous step.
Go to User settings & create an Access Key in AWS Console.
Add the Access Key and Secret Key in Coolify when you create a new S3 source.
You need to use the S3 HTTP endpoit without the bucket name, for example, https://s3.eu-central-1.amazonaws.com.

Detailed steps

Create a bucket

Create a bucket.

Go to AWS Console and create a new bucket.

Name your bucket.

Create a new policy

Create a new policy.

Go to AWS Console and create a new policy.

Name & configure your policy.

Add the following JSON permissions to your policy (replace your-bucket-name with your bucket name):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:GetObjectAcl",
        "s3:PutObjectAcl",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}