Amazon Web Services (AWS) provides a wide range of cloud services that empower businesses to innovate and scale efficiently. Among these services, Amazon S3 (Simple Storage Service) stands out as a fundamental building block for data storage in the cloud. It offers unmatched scalability, data availability, security, and performance. On Day 67 of our AWS learning journey, we will dive into the creation and management of S3 buckets, exploring key features and best practices.

Getting Started with Amazon S3

Creating an S3 Bucket using Terraform

Terraform is an Infrastructure as Code (IaC) tool that allows us to define and provision AWS resources, including S3 buckets, in a declarative and version-controlled manner. To create an S3 bucket using Terraform, follow these steps:

1. Install Terraform: If you haven’t already, install Terraform on your local machine. You can download it from the official website.

2. Write Terraform Configuration: Create a .tf file (e.g., s3_bucket.tf) and define your S3 bucket resource:

provider "aws" {
  region = "us-east-1" # Replace with your desired region
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-bucket-name" # Replace with your preferred bucket name
  acl    = "public-read"
}

3.Initialize Terraform: Open your terminal, navigate to the directory containing your .tf file, and run:

terraform init

4.Apply Configuration: Run the following command to create the S3 bucket:

terraform apply

Configuring Public Read Access

In the Terraform configuration above, we set the ACL (Access Control List) to “public-read,” which grants public read access to objects stored in the bucket. This is useful when hosting static websites or sharing public data. However, be cautious with public access and consider security best practices.

Creating an S3 Bucket Policy

AWS S3 allows you to define fine-grained access control policies using JSON-based bucket policies. To create an S3 bucket policy granting read-only access to a specific IAM user or role, follow these steps:

1. Create a JSON Policy: Write a JSON policy document that grants read-only permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-unique-bucket-name/*",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:user/USERNAME"
      }
    }
  ]
}

Replace my-unique-bucket-name with your bucket's name and ACCOUNT-ID-WITHOUT-HYPHENS and USERNAME with the appropriate values.

1. Attach the Policy: Go to the AWS Management Console, navigate to your S3 bucket, and select “Permissions.” Under “Bucket policy,” paste the JSON policy document.

2. Review and Save: Review the policy to ensure it grants the desired permissions, then save it.

Enabling Versioning

Enabling versioning on an S3 bucket ensures that all object versions are preserved when changes are made. This feature is crucial for data durability and recovery. To enable versioning:

1. Go to the AWS Management Console, navigate to your S3 bucket, and select “Properties.”

2. Under “Versioning,” click “Edit.”

3. Select “Enable versioning” and click “Save.”

Conclusion

Amazon S3 is a versatile and powerful storage service that plays a vital role in many AWS architectures. Today, we explored the creation and management of S3 buckets using Terraform, configured public read access, created an S3 bucket policy for fine-grained access control, and enabled versioning for data durability.

As you continue your AWS journey, remember that S3 offers numerous features and settings to optimize your data storage needs, from lifecycle policies to cross-region replication. Exploring these options and staying updated on best practices will help you make the most of Amazon S3’s capabilities while ensuring the security and availability of your data.