Day 67: AWS S3 Bucket Creation and Management (Feb 1, 2024)

🙏 Introduction:

In this blog, we will dive into the creation and management of S3 buckets, exploring key features and best practices.

🔶AWS S3 Bucket

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, hosting static websites, and more.

In this task, you will learn how to create and manage S3 buckets in AWS.

🎯Task: 1

  1. Create an S3 bucket using Terraform

  • In our main.tf file, add the following code to create an S3 bucket
# Provider configuration: every resource below is created in this region.
provider "aws" {
  region = "us-west-2"
}

# The bucket itself. Bucket names are globally unique across all AWS accounts,
# so a name that is already taken anywhere makes the apply fail.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "demokbucket0a"
}

terraform init

terraform plan

terraform apply

  2. Configure the bucket to allow public read access

  • In our main.tf file, add a resource block to allow public read access
# Turn off all four Block Public Access settings on this bucket.
# block_public_acls must be false for the public-read ACL below to be accepted,
# and ignore_public_acls must be false for that ACL to have any effect.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.my_bucket.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# Grant anonymous read access to the bucket's objects through a canned ACL.
resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}

  • In the S3 console, under the bucket's Object Ownership settings, enable ACLs, choose Bucket owner preferred, and save the change (ACLs are disabled on newly created buckets by default, so the aws_s3_bucket_acl resource cannot be applied until this is done)

terraform plan

terraform apply

  • Check the bucket in the console to confirm that it is now marked as publicly accessible
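
The console step above (enabling ACLs with Bucket owner preferred) can be expressed in Terraform with the aws_s3_bucket_ownership_controls resource, which also lets the ACL resource declare the ordering it needs. The block below is an added example, not code from the original post: it assumes the aws_s3_bucket.my_bucket and aws_s3_bucket_public_access_block.example resources from the steps above, replaces the post's aws_s3_bucket_acl block with one that carries the required depends_on, and then shows, on a second constructed bucket, the fully blocked setting that every bucket not meant to be public should keep.

```hcl
# Added example. Terraform form of "enable ACLs, Bucket owner preferred".
# New buckets default to BucketOwnerEnforced, which disables ACLs entirely,
# so a public-read ACL is rejected (AccessControlListNotSupported) until
# object ownership is changed here.
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.my_bucket.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# The ACL can only be applied after ownership controls allow ACLs and the
# public access block no longer blocks public ACLs; without depends_on,
# Terraform may try the ACL first and fail.
resource "aws_s3_bucket_acl" "bucket_acl" {
  depends_on = [
    aws_s3_bucket_ownership_controls.example,
    aws_s3_bucket_public_access_block.example,
  ]

  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}

# Contrast: the setting to keep on any bucket that is not intentionally public.
# With all four flags true, neither an ACL nor a bucket policy can expose
# objects anonymously, whatever else is misconfigured on the bucket.
# The bucket name is constructed for this example, not taken from the post.
resource "aws_s3_bucket" "private_bucket" {
  bucket = "demokbucket0a-private"
}

resource "aws_s3_bucket_public_access_block" "private" {
  bucket = aws_s3_bucket.private_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

After terraform apply, `aws s3api get-public-access-block --bucket demokbucket0a` shows the four flags as false and `aws s3api get-bucket-acl --bucket demokbucket0a` lists a READ grant for the AllUsers group; running the same two commands against demokbucket0a-private shows all flags true and only the owner grant.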

  3. Create an S3 bucket policy that allows read-only access to a specific IAM user or role

# Attach the policy document below to the bucket. A bucket holds at most one
# policy, so this resource replaces any policy already set on it.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}

# Builds the policy in HCL; the .json attribute renders it as an IAM policy document.
data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    principals {
      type        = "AWS"
      # An AWS account ID as principal; an IAM user or role ARN can be given here instead.
      identifiers = ["767397805477"]
    }

    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resources = [
      aws_s3_bucket.my_bucket.arn,        # the bucket, needed for s3:ListBucket
      "${aws_s3_bucket.my_bucket.arn}/*", # its objects, needed for s3:GetObject
    ]
  }
}

To grant read-only access to a specific IAM user or role, the code creates an S3 bucket policy with the aws_s3_bucket_policy resource type and attaches it to the bucket resource aws_s3_bucket.my_bucket through the bucket argument.

The policy argument is set to data.aws_iam_policy_document.allow_read_only_access.json, the JSON rendering of the policy document built by the data source.

The policy document itself comes from a data block, which declares a Terraform data source rather than a managed resource.

The data source aws_iam_policy_document.allow_read_only_access describes a policy that allows read-only access to the S3 bucket for a specific IAM user or role; it is written in HCL and exported as a JSON policy document through its json attribute.

The document has a single statement block, which defines the permissions to grant: s3:GetObject and s3:ListBucket on the bucket and its objects. The principals block names the AWS user or role that receives the permissions. Here the identifiers field carries the AWS account ID of the user or role being granted read-only access; an IAM user or role ARN can be given in the same field to name one identity rather than an account.

terraform plan

terraform apply

  • Check the bucket in the console to view the attached policy
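
An account ID in the principal admits any identity in that account whose own IAM permissions also allow the call, which is broader than the "specific IAM user or role" the step is after. The block below is an added example rather than the post's code: it assumes aws_s3_bucket.my_bucket from step 1, uses a placeholder role ARN (account 111122223333, role ReadOnlyRole, both invented for this example), splits the bucket-level and object-level actions into statements scoped to the resource each one actually applies to, and adds a deny for requests that are not sent over TLS. Because a bucket has a single policy, it stands in for the post's aws_s3_bucket_policy and data blocks rather than sitting beside them.

```hcl
# Added example, not the post's code. Read-only bucket policy for one IAM role.
locals {
  # Placeholder principal; replace with the real role or user ARN.
  reader_arn = "arn:aws:iam::111122223333:role/ReadOnlyRole"
}

data "aws_iam_policy_document" "allow_role_read_only" {
  # s3:ListBucket is a bucket-level action: it applies to the bucket ARN only.
  statement {
    sid = "ListBucket"
    principals {
      type        = "AWS"
      identifiers = [local.reader_arn]
    }
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.my_bucket.arn]
  }

  # s3:GetObject is an object-level action: it applies to the object ARNs only.
  statement {
    sid = "GetObjects"
    principals {
      type        = "AWS"
      identifiers = [local.reader_arn]
    }
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.my_bucket.arn}/*"]
  }

  # Explicit deny for any caller that is not using TLS. A Deny wins over every
  # Allow, so this holds even if a later edit widens the grants above.
  statement {
    sid    = "DenyInsecureTransport"
    effect = "Deny"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.my_bucket.arn,
      "${aws_s3_bucket.my_bucket.arn}/*",
    ]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_role_read_only.json
}
```

Before applying, `terraform plan` prints the rendered JSON, and `aws s3api get-bucket-policy --bucket demokbucket0a` returns the same document afterwards; the three Sid values make it easy to see which statement produced a given line when reading the policy back.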

  4. Enable versioning on the S3 bucket

# Edit the existing aws_s3_bucket block from step 1 rather than adding a second
# block with the same name, which Terraform rejects as a duplicate resource.
# The inline versioning block still works but has been deprecated since AWS
# provider v4 in favour of the separate aws_s3_bucket_versioning resource.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "demokbucket0a"

  versioning {
    enabled = true
  }
}

terraform plan

terraform apply

  • Check the bucket in the console to confirm that Bucket Versioning is enabled
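
The same result with the provider's current resource, as an added example that is not part of the original post. It assumes aws_s3_bucket.my_bucket from step 1 without the inline versioning block, and pairs versioning with a lifecycle rule, because a versioned bucket otherwise retains every overwritten and deleted object indefinitely; the 30-day retention is a constructed value, not one the post specifies.

```hcl
# Added example. Enable versioning with the dedicated resource instead of the
# deprecated inline block on aws_s3_bucket.
resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Versioning keeps every previous version of an object until something removes
# it. This rule expires noncurrent versions 30 days after they stop being
# current, which bounds storage growth while still leaving a recovery window
# for accidental overwrites and deletes.
resource "aws_s3_bucket_lifecycle_configuration" "my_bucket" {
  # Noncurrent-version rules only make sense once versioning is on.
  depends_on = [aws_s3_bucket_versioning.my_bucket]

  bucket = aws_s3_bucket.my_bucket.id

  rule {
    id     = "expire-noncurrent-versions"
    status = "Enabled"

    # An empty filter applies the rule to every object in the bucket.
    filter {}

    noncurrent_version_expiration {
      noncurrent_days = 30
    }
  }
}
```

After apply, `aws s3api get-bucket-versioning --bucket demokbucket0a` reports `"Status": "Enabled"`, and `aws s3api list-object-versions --bucket demokbucket0a` shows the retained versions of any object that has since been overwritten.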