Guided Lab: Creating an Amazon S3 bucket
Description
Amazon Simple Storage Service (S3) is a secure, durable, and highly scalable object storage solution. It allows you to upload multimedia files such as photos, videos, and static documents by creating a logical storage bucket within an AWS region. With your bucket set up, you can easily upload numerous objects. Both buckets and objects are valuable resources, and Amazon S3 offers you the flexibility to manage them through APIs and a user-friendly web console.
Amazon S3 can function independently or be used with other AWS services, including Amazon EC2, Amazon Elastic Block Store (Amazon EBS), and Amazon Glacier. It’s also compatible with third-party storage solutions and gateways. This cost-effective object storage service caters to many use cases, including web applications, content distribution, backup and archiving, disaster recovery, and big data analytics.
This lab will help you create buckets and establish policies for efficient access management and restrictions.
Objectives
In this lab, you will:
- Learn how to create an S3 bucket in the AWS Console
- Learn how to implement bucket policies to manage and restrict access.
- Learn how to upload and download objects in an S3 bucket.
Lab Steps
Creating an S3 Bucket
1. In the AWS Management Console, search for “S3” using the search bar and select the S3 result under Services.
2. Once you’re in the S3 console, click the Create Bucket button.
3. Enter a unique name for your bucket, such as tdtest-playcloud-bucket or any preferred name, in the Name field.
- For the region, select US East (N. Virginia).
4. Leave the Block public access (bucket settings) at the default values. This is where you can set public access permissions.
5. Click on Create bucket. You should see a green notification that your bucket was created successfully.
Implementing bucket policies to manage and restrict access
1. In the Buckets table, click the name of your bucket in the Name column. This will take you to a page with tabs at the top.
2. Click the Permissions tab and select Edit in the Block public access section.
2. Uncheck all the options. However, please note that allowing public access to S3 buckets is serious, and you should be cautious before deciding. AWS has implemented various security features to prevent data breaches, and granting public access may pose a risk of unauthorized data access.
3. There is no sensitive data for this lab. Thus, we will set it to allow public access. Therefore, you can proceed with disabling the Block all public access feature.
4. Click on Save Changes at the bottom of the page. A confirmation dialog box will appear. Enter “confirm” in the box and click Confirm. You will see a green notification that the public access settings have been edited.
5. Please note that simply turning off the “Block all public access” setting in an Amazon S3 bucket does not automatically make the objects within it publicly accessible. To grant public access to these objects, explicit permissions must be defined in the bucket policy.
6. In this lab, we will use a Bucket policy to grant public access to your Amazon S3 bucket. To do this, scroll to the Bucket policy section and select Edit.
7. On the Edit bucket policy page, specify a JSON policy to control your Amazon S3 bucket access. Replace the contents of the Policy editor with the permissive policy provided below.
8. Replace the Resource key with the ARN of the bucket you created. To do this, click on the copy icon under Bucket ARN and paste the ARN in the value of the Resource key. Ensure that you preserve the /*
at the end of the value, apply the policy to all objects inside the bucket recursively.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "BUCKET_ARN/*",
"Principal": "*"
}
]
}
9. Click on Save Changes at the bottom of the page. You will see a green notification that the bucket policy was edited.
Please note that poorly managed Amazon S3 permissions can lead to unauthorized data access. AWS ensures you understand the implications of allowing public access to an Amazon S3 bucket. Therefore, it is advisable to carefully consider the impact before granting public access.
Uploading and Downloading Objects in a S3 Bucket
1. In your S3 bucket, click the Upload button.
2. Download and save the following file to your computer and upload it to your S3 bucket. You may upload by either browsing and selecting or dragging and dropping. If you prefer to browse and select, click Add Files.
https://media.tutorialsdojo.com/public/td_aws_console.png
3. Scroll down to the page’s bottom and select Upload to initiate the file upload process. A blue notification will indicate that the file is currently uploading, followed by a green notification confirming the successful completion of the upload.
4. To download the object, go to your S3 bucket, select the object, and click on the Download button.