Guided Lab: Creating an Amazon S3 Access Point
Description
Amazon S3 Access Points let you manage access permissions and network settings for shared data in S3 buckets individually. Instead of managing policies and controls at the bucket level, Access Points allow granular access management for multiple applications and users, each with individualized network and access restrictions. This flexibility simplifies permissions for large datasets and enables better security controls, compliance adherence, and network restrictions, such as limiting access from the internet or from VPCs.
In this lab, we will focus on creating an S3 Access Point with network origin set to the internet.
Prerequisites
This lab assumes you have the following:
- Basic knowledge and understanding of Amazon S3 and IAM access keys.
Objectives
By the end of this lab, you will:
- Understand and configure S3 Access Points with network restrictions.
- Create an S3 Access Point with internet access.
- Verify the Access Point configuration and access permissions.
Lab Steps
Create an S3 Bucket and Upload an Image
1. Navigate to the Amazon S3 dashboard
2. Create a New Bucket:
- Name your bucket uniquely (example: access-bucket-3000)
- Scroll down and click on Create Bucket.
3. Upload a file to your S3 Bucket:
- Download the image below to upload. You can also use any image you like.
- Upload it to your S3 Bucket.
Create an Access Point
1. On the left sidebar, click on Access Points.
2. Click on Create Access Point.
3. Follow the configurations below:
- Provide a unique name for the Access Point (example: my-access-point-6000).
- Under Bucket, select Choose a bucket in this account
- Click on Browse S3 and select the Bucket you created earlier
- Under Network origin, select Internet
4. Scroll down and click on Create access point.
5. Open the access point by clicking on its name (my-access-point-6000).
6. Go to the Properties tab. Take note of the Amazon Resource Name (ARN).
Create AWS Access Keys
1. Go to IAM in the AWS Console.
2. Go to Users > Click on your current User name > Security credentials > Create access key.
3. Use the following configuration:
- Use case: Select Command Line Interface (CLI)
- Select the confirmation checkbox
- Click on Next
- Description tag value: myCLIAccessKey
- Click on Create access key
4. After creating the access key, copy the Access key and Secret access key. You can also download them as a .csv file.
Testing Access
1. Open your terminal. Ensure you have the AWS CLI installed on your local machine.
- If not, follow this installation guide: AWS CLI Installation Guide
2. Configure the AWS CLI with your credentials.
aws configure
3. Test access by attempting to list or read objects via the Access Point:
aws s3api list-objects --bucket <access-point-arn>
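To check the Access Point's settings as well as its reachability, the following added example (not part of the original lab) reviews the JSON that `aws s3control get-access-point --account-id <account-id> --name <access-point-name>` returns. The sample JSON is constructed, the account ID and region are placeholders, and the function names are hypothetical.

```python
import json
import re

# Constructed sample of `aws s3control get-access-point` output (not from the lab);
# the account ID and region are placeholders.
SAMPLE = json.loads("""
{
  "Name": "my-access-point-6000",
  "Bucket": "access-bucket-3000",
  "NetworkOrigin": "Internet",
  "PublicAccessBlockConfiguration": {
    "BlockPublicAcls": true, "IgnorePublicAcls": true,
    "BlockPublicPolicy": false, "RestrictPublicBuckets": true
  },
  "AccessPointArn": "arn:aws:s3:us-east-1:111122223333:accesspoint/my-access-point-6000"
}
""")

ARN_RE = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):s3:([a-z0-9-]+):(\d{12}):accesspoint/([a-z0-9-]{3,50})$"
)

def parse_access_point_arn(arn):
    """Split an access point ARN into region, account and name, or raise ValueError."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an S3 access point ARN: {arn!r}")
    return {"region": m.group(2), "account": m.group(3), "name": m.group(4)}

def review_access_point(desc, expected_bucket, expected_origin="Internet"):
    """Return a list of findings; an empty list means the settings match the lab."""
    findings = []
    if parse_access_point_arn(desc["AccessPointArn"])["name"] != desc["Name"]:
        findings.append("ARN does not name this access point")
    if desc["Bucket"] != expected_bucket:
        findings.append(f"attached to {desc['Bucket']}, expected {expected_bucket}")
    if desc["NetworkOrigin"] != expected_origin:
        findings.append(f"network origin is {desc['NetworkOrigin']}, expected {expected_origin}")
    # Block Public Access: every flag left false is reported.
    pab = desc.get("PublicAccessBlockConfiguration", {})
    for flag in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"):
        if not pab.get(flag, False):
            findings.append(f"Block Public Access setting {flag} is off")
    return findings

if __name__ == "__main__":
    for finding in review_access_point(SAMPLE, "access-bucket-3000"):
        print("FINDING:", finding)
```

To review a real Access Point, save the command's output with `--output json` and pass the parsed dictionary to `review_access_point` in place of `SAMPLE`.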
Congratulations! You’ve created and configured an Amazon S3 Access Point with internet access, enabling controlled and secure data access through specific network settings. Testing the Access Point via the AWS CLI verified that your configuration aligns with intended permissions, providing flexibility and ease of access management for different applications.
As a best practice, remember to delete any resources no longer in use, such as Access Points or IAM keys, to maintain a clutter-free AWS environment.
Thank you for joining this lab, and happy learning!