AWS S3 Bucket Creation and Management
This is Day 67 of the #90daysofdevops challenge.
AWS S3 Bucket
Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, hosting static websites, and more.
In this task, you will learn how to create and manage S3 buckets in AWS.
Task-01: Create an S3 bucket using Terraform.
Install Terraform on your EC2 instance and configure your AWS access key and secret access key using the AWS CLI or environment variables.
- Create a file named main.tf and add the following code:
resource "aws_s3_bucket" "my_bucket" {
  # Bucket names are globally unique across all AWS accounts; pick your own.
  bucket = "my-demo-bucket-som"
}
- Run terraform init, plan and apply.
- S3 bucket successfully created.
Task-02: Configure the bucket to allow public read access.
First, grant your IAM user permission to update the bucket policy.
Go to the IAM console, select your user, and under Permissions policies click Create inline policy, then paste the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateS3BucketPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:PutBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::my-demo-bucket-som"
      ]
    }
  ]
}
- Click Create policy, give it a name, and save it.
- Now allow public access to the S3 bucket by adding the following to main.tf:
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.my_bucket.id

  # All four guardrails are switched off so that a public bucket policy can be
  # attached; new buckets have them enabled by default.
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id

  # Apply the public access block first; otherwise S3 rejects a policy that
  # grants access to "*" while block_public_policy is still in effect.
  depends_on = [aws_s3_bucket_public_access_block.example]

  # Anonymous read of every object in the bucket (s3:GetObject only).
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": [
        "arn:aws:s3:::my-demo-bucket-som/*"
      ]
    }
  ]
}
EOF
}
- Run terraform init, plan and apply.
- The objects in the bucket are now publicly readable.
Task-03: Create an S3 bucket policy that allows read-only access to a specific IAM user or role.
# Replace the Task-02 policy: the Principal changes from "*" to one specific
# IAM user, so only that identity can read objects. (A "#" comment is not valid
# inside the JSON heredoc, so it has to sit here, outside the policy string.)
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyForUser",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::414694853813:user/Terraform-User"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-demo-bucket-som/*"
    }
  ]
}
EOF
}
- Run terraform init, plan and apply.
- The bucket policy now allows read-only access to the specified IAM user only.
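The difference between the Task-02 and Task-03 policies is the Principal, and that is exactly what the block_public_policy guardrail keys on. The following added example (not part of the original post) is a small offline checker that parses both policies, reports which statements grant to an anonymous principal, and mirrors whether S3 would accept the policy under a given block_public_policy setting; the policy text is constructed from the two tasks above, and the Condition handling is a deliberate simplification.

```python
import json

# Constructed from the two policies shown in Task-02 and Task-03 above.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::my-demo-bucket-som/*"],
    }],
})
USER_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadOnlyForUser", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::414694853813:user/Terraform-User"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-demo-bucket-som/*",
    }],
})

def _as_list(value):
    # Policy JSON allows either a single string or a list in most positions.
    return value if isinstance(value, list) else [value]

def is_anonymous_principal(principal):
    """True when the Principal element means 'everyone' ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_statements(policy_json):
    """Sids of Allow statements that grant to an anonymous principal.
    Simplification (assumption): Condition elements are ignored, whereas S3's
    own evaluator treats some conditions, e.g. aws:PrincipalOrgID, as non-public."""
    policy = json.loads(policy_json)
    return [stmt.get("Sid", "<no Sid>")
            for stmt in _as_list(policy["Statement"])
            if stmt.get("Effect") == "Allow"
            and is_anonymous_principal(stmt.get("Principal"))]

def policy_would_be_accepted(policy_json, block_public_policy):
    """Mirror block_public_policy from the public access block: when it is
    true, S3 rejects a PutBucketPolicy call that contains a public statement."""
    return not (block_public_policy and public_statements(policy_json))
```

Running public_statements on the Task-02 policy returns ["PublicRead"] and on the Task-03 policy returns an empty list, which is why the Task-02 policy needs block_public_policy = false and the Task-03 policy does not.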
Task-04: Enable versioning on the S3 bucket.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-demo-bucket-som"

  # Inline versioning block: still supported, but deprecated in newer AWS
  # provider versions in favour of the standalone aws_s3_bucket_versioning
  # resource. Versioning lets you recover overwritten or deleted objects.
  versioning {
    enabled = true
  }
}
- The versioning block is included, with enabled set to true. This enables versioning on the S3 bucket, which will keep multiple versions of each object stored in the bucket.
- Run terraform init, plan and apply.
- We can see the changes in the S3 bucket in the AWS management console.
Thank you for enjoying my DevOps blog! Your positive response fuels my passion to dive deeper into technology and innovation.
Stay tuned for more captivating DevOps articles, where we'll explore this dynamic field together. Follow me on Hashnode and connect on LinkedIn (https://www.linkedin.com/in/som-shanker-pandey/) for the latest updates and discussions.