AWS S3 Bucket Creation and Management
AWS S3 Bucket
AWS S3 (Simple Storage Service) Bucket is a scalable and durable object storage service. It allows you to store and retrieve any amount of data from anywhere on the web. S3 provides high availability, security, and flexibility, making it suitable for storing files, hosting static websites, and enabling data backup and archival solutions in the AWS cloud.
Step 1: Create an S3 bucket using Terraform
Create a terraform.tf and provider.tf to add details regarding AWS configuration and AWS Region.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}
provider "aws" {
  region = "us-east-1"
}
Create an s3.tf file. The aws_s3_bucket resource inside it creates a new S3 bucket; my_bucket is the local name (identifier) used to reference this resource elsewhere in the configuration.
resource "aws_s3_bucket" "my_bucket" {
  # Bucket names are globally unique across all AWS accounts.
  bucket = "nahid-demo-bucket-devops"
}
Run terraform init to initialize the working directory and download the required providers.
Run terraform plan; it produces an execution plan by comparing the current state with the desired state of your infrastructure.
Finally, run terraform apply; it applies the planned changes, creating or updating resources as needed.
Navigate to the AWS Management Console, open S3, and confirm that the bucket has been created.
Step 2: Configure the bucket to allow public read access.
- The S3 bucket is created private by default. To allow public read access, the code creates an ACL (access control list) using the "aws_s3_bucket_acl" resource type.
Now create a file access.tf. The resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" through the "bucket" parameter, and the "acl" parameter is set to "public-read", which allows public read access to the bucket.
resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
  # S3 rejects a public ACL while public ACLs are still blocked, so make
  # Terraform create the public access block before applying the ACL.
  depends_on = [aws_s3_bucket_public_access_block.pem_access]
}
resource "aws_s3_bucket_public_access_block" "pem_access" {
  bucket = aws_s3_bucket.my_bucket.id
  # All four safeguards are switched off: public ACLs and public bucket
  # policies are accepted and honoured, so anything granted to the public
  # becomes reachable by anyone on the internet.
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}
Now change the Object Ownership setting by choosing "ACLs enabled" under "Edit Object Ownership" for the S3 bucket; while ACLs are disabled, S3 rejects the public-read ACL.
At this point the console still reports that the bucket and its objects are not public.
Create a public_access.tf file containing the public access block configuration.
Run terraform apply to enable public access for the S3 bucket.
Check the bucket in the console; public access is now enabled.
Step 3: Create an S3 bucket policy that allows read-only access to a specific IAM user or role.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}
data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    principals {
      type = "AWS"
      # A bare 12-digit account ID grants every principal in that account;
      # use a user or role ARN (arn:aws:iam::<account>:user/<name>) to
      # limit the grant to a single IAM user or role.
      identifiers = ["835208014303"]
    }
    # Read-only actions: download objects and list the bucket's contents.
    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]
    # ListBucket applies to the bucket ARN, GetObject to the objects in it.
    resources = [
      aws_s3_bucket.my_bucket.arn,
      "${aws_s3_bucket.my_bucket.arn}/*",
    ]
  }
}
Create an IAM_access.tf file containing the bucket policy configuration for IAM read access to the S3 bucket.
Now run terraform apply to grant the access on the bucket.
An S3 bucket policy is now in place that allows read-only access to a specific IAM user.
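As an added example (not part of the original post), a small Python check over the JSON that the Step 3 policy document renders to: it flags Allow statements whose principal is everyone or a whole account rather than a single user or role, whose actions go beyond read-only, or whose resources lie outside the bucket. The sample policy is constructed here and the account ID in it is a placeholder.

```python
import json
import re

# Constructed sample: the JSON that the "allow_read_only_access" policy
# document renders to (bucket name from the post, account ID is a placeholder).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "111122223333"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::nahid-demo-bucket-devops",
                     "arn:aws:s3:::nahid-demo-bucket-devops/*"],
    }],
})

# S3 actions accepted as read-only for a "read-only access" bucket policy.
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion",
                     "s3:ListBucket", "s3:ListBucketVersions"}


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_bucket_policy(policy_json, bucket_arn):
    """Return findings for Allow statements broader than a scoped read-only
    grant; an empty list means every statement passed the checks."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):          # "Principal": "*" shorthand
            principal = {"AWS": principal}
        for p in _as_list(principal.get("AWS", [])):
            if p == "*":
                findings.append(f"statement {i}: Principal '*' grants access to everyone")
            # A bare account ID or the account root grants the whole account.
            elif re.fullmatch(r"\d{12}", p) or p.endswith(":root"):
                findings.append(f"statement {i}: principal {p} is a whole account, not a single user or role")
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ONLY_ACTIONS:
                findings.append(f"statement {i}: action {action} is not read-only")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in (bucket_arn, bucket_arn + "/*"):
                findings.append(f"statement {i}: resource {resource} is outside the bucket")
    return findings
```

Run it against the rendered policy from terraform plan (or the policy shown in the console) before applying; a user or role ARN as the principal clears the only finding the sample produces.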
Step 4: Enable versioning on the S3 bucket.
Amazon S3 (Simple Storage Service) bucket versioning is a feature that allows you to keep multiple versions of objects within a single S3 bucket. When versioning is enabled for a bucket, every time you upload, modify, or delete an object, Amazon S3 automatically generates a new version of that object and retains the previous versions. This is particularly useful for data protection, disaster recovery, and maintaining a historical record of changes to objects stored in the bucket.
In the s3.tf file, add a versioning block to the bucket resource with enabled set to true:
resource "aws_s3_bucket" "my_bucket" {
  bucket = "nahid-demo-bucket-devops"
  # The inline versioning block is deprecated in AWS provider 4.x in favour
  # of the separate aws_s3_bucket_versioning resource, but still works here.
  versioning {
    enabled = true
  }
}
Now run terraform apply to enable versioning on the bucket.
Then verify in the S3 console that Bucket Versioning has been enabled.
Thank you for reading this blog. If you found this blog helpful, please like, share, and follow me for more blog posts like this in the future.
— Happy Learning !!!