AWS S3 Bucket Creation and Management


#day61 of #90daysofdevops


Introduction:)

🚀 Welcome to Day 67 of #90DaysOfDevOps! 🛠️

Embark on a journey into the powerful realm of Amazon S3 (Simple Storage Service) today. Our focus: Crafting and managing S3 buckets effortlessly with Terraform.

AWS S3 Bucket

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, hosting static websites, and more.

Key Points:)

  1. Object Storage:

    • S3 is scalable object storage for diverse data types.
  2. Scalability:

    • Accommodates an unlimited number of objects and data.
  3. Data Durability:

    • Ensures high durability through redundancy.
  4. Data Availability:

    • Provides high availability with low-latency access.
  5. Storage Classes:

    • Offers classes like Standard, Intelligent-Tiering, and Glacier.
  6. Bucket and Object Management:

    • Organizes data into buckets; allows various operations.
  7. Access Control:

    • Manages access through policies, ACLs, and IAM roles.
  8. Versioning:

    • Preserves and restores every version of stored objects.
  9. Server-Side Encryption:

    • Provides options for data-at-rest encryption.
  10. Event Notifications:

    • Triggers Lambda functions or notifications on events.
  11. Transfer Acceleration:

    • Uses CloudFront edge locations to accelerate uploads and downloads.

Prerequisites:)

NOTE: Make sure your IAM user has permission to do these tasks.

  • Set up the required providers with provider block

    1. Set Up Your Terraform Configuration

        terraform {
          required_providers {
            aws = {
              source  = "hashicorp/aws"
              version = "5.19.0"  # Use the latest version
            }
          }
        }
      

    2. Set up the Provider block

        provider "aws" {
          region = "us-east-1"  # Replace with your desired AWS region
        }
      

  • AWS CLI configured with the necessary IAM roles.

Tasks:-

Task-1: Create an S3 bucket using Terraform

  1. Step 1: Create a Terraform Configuration File

    Create a file named aws_s3.tf and add the following content:

     resource "aws_s3_bucket" "my_bucket" {
         bucket = "your-bucket-name" # must be globally unique; lowercase letters, numbers, dots and hyphens only (no underscores)
     }
    

  2. Step 2: Initialize and Apply Terraform Configuration

    • Run the following commands:

        terraform init
        terraform plan
        terraform apply
      

  3. Step 3: Verify

    • Open the AWS console and search for the S3 service.


Task-2: Enable versioning on the S3 bucket.

To enable versioning on the S3 bucket, you can modify the Terraform configuration. Here's how you can do it:

Step 1: Update Terraform Configuration

  • Add a versioning block to your aws_s3_bucket resource in the aws_s3.tf file:

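      resource "aws_s3_bucket" "my_bucket" {
        bucket = "meri-baldi" # bucket names cannot contain underscores

        # The inline versioning block is deprecated since AWS provider v4;
        # the standalone aws_s3_bucket_versioning resource replaces it.
        versioning {
          enabled = true
        }
      }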
    

Step 2: Apply the Terraform Configuration

  • Run the following commands in your terminal:

      terraform plan
      terraform apply
    

Step 3: Verify

  • Click on the bucket > Properties and confirm that versioning is enabled.


Task-3: Configure the bucket to allow public read access.

  1. Step 1: Define the S3 policy block

    • Add this content to the s3_bucket_access.tf file:

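        # New buckets block public access by default; this turns the
        # blocks off so that the public policy below is accepted.
        resource "aws_s3_bucket_public_access_block" "example" {
          bucket = aws_s3_bucket.my_bucket.id

          block_public_acls       = false
          block_public_policy     = false
          ignore_public_acls      = false
          restrict_public_buckets = false
        }

        resource "aws_s3_bucket_policy" "bucket_policy" {
          bucket = aws_s3_bucket.my_bucket.id

          # Apply the policy only after public policies are unblocked.
          depends_on = [aws_s3_bucket_public_access_block.example]

          # Principal "*" lets anyone read every object in the bucket.
          policy = <<EOF
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "PublicRead",
              "Effect": "Allow",
              "Principal": "*",
              "Action": ["s3:GetObject"],
              "Resource": [
                "${aws_s3_bucket.my_bucket.arn}/*"
              ]
            }
          ]
        }
        EOF
        }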
      

  2. Step 2: Apply the Terraform Configuration

    • Run the following commands in your terminal:

        terraform plan
        terraform apply
      

  3. Step 3: Verify

    • Open the Permissions tab of your bucket.


Task-4: Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

Step 1: Define the block

  • Add a bucket policy resource and its policy document to the aws_s3.tf file:

      # A bucket has only one policy, so remove the Task-3
      # aws_s3_bucket_policy resource before applying this one.
      resource "aws_s3_bucket_policy" "day67_bucket_policy" {
        bucket = aws_s3_bucket.my_bucket.id
        policy = data.aws_iam_policy_document.allow_read_only_access.json
      }

      data "aws_iam_policy_document" "allow_read_only_access" {
        statement {
          effect = "Allow"
          principals {
            type        = "AWS"
            identifiers = ["account_number"] # placeholder: the IAM user or role ARN, or an account ID
          }
          actions = ["s3:GetObject"]

          resources = [
            aws_s3_bucket.my_bucket.arn,
            "${aws_s3_bucket.my_bucket.arn}/*",
          ]
        }
      }
    

Step 2: Apply the Terraform Configuration

  • Run the following commands in your terminal:

      terraform plan
      terraform apply
    
  • Type "yes" when prompted to confirm the changes.

Step 3: Verify

  • Check the bucket policy on the Permissions tab of your bucket.


Destroy the S3 bucket

      terraform destroy

Type yes when prompted.

