AWS S3 Bucket Creation and Management

AWS S3 Bucket Creation and Management

AWS S3 Bucket

AWS S3 (Simple Storage Service) Bucket is a scalable and durable object storage service. It allows you to store and retrieve any amount of data from anywhere on the web. S3 provides high availability, security, and flexibility, making it suitable for storing files, hosting static websites, and enabling data backup and archival solutions in the AWS cloud.

Step 1: Create an S3 bucket using Terraform.

# terraform.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# provider.tf

provider "aws" {
  region = "us-east-1"
}
  • Create a s3.tf file and inside aws_s3_bucket resource creates a new S3 bucket, my_bucket is a unique identifier.
  resource "aws_s3_bucket" "my_bucket" {
    bucket = "task1-day67-devops"
  }
  • Run the terraform init command to initialize the working directory and download the required providers.

  • Execute terraform plan, it will create an execution plan by analyzing the changes required to achieve the desired state of your infrastructure.

  • Finally, execute terraform apply, it will apply the changes to create or update resources as needed.

  • S3 bucket successfully created.

Step 2: Configure the bucket to allow public read access.

  • As the S3 bucket is created which is Private only, to allow public read access to the S3 bucket, the code creates an ACL (access control list) resource using the “aws_s3_bucket_acl” resource type.

  • Now create a file access.tf,the resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" using the "bucket" parameter. The "acl" parameter is set to "public-read", which allows public read access to the bucket.

  resource "aws_s3_bucket_acl" "bucket_acl" {
    bucket = aws_s3_bucket.my_bucket.id
    acl    = "public-read"
  }

  resource "aws_s3_bucket_public_access_block" "pem_access" {
    bucket = aws_s3_bucket.my_bucket.id

    block_public_acls       = false
    block_public_policy     = false
    ignore_public_acls      = false
    restrict_public_buckets = false
  }
  • Now change the object Ownership by enabling “ACL enable” in the S3 Bucket “Edit Object Ownership”.

  • Run terraform apply

  • Now the S3 Bucket is publicly accessible.

Step 3: Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

  • To provide read-only access to a specific IAM user or role, the code creates an S3 bucket policy resource using the “aws_s3_bucket_policy” resource type. The resource is associated with the S3 bucket resource “aws_s3_bucket.my_bucket” using the “bucket” parameter.

  • Create a file iam.tf and inside "aws_iam_policy_document" provide the details of the IAM user ARN. Inside the action provide the details like "s3:GetObject" and "s3:ListBucket". And in the resources add the bucket details including the IAM User arn.

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}


data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::563024908183:user/Doraemon"]
    }

    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resources = [
      aws_s3_bucket.my_bucket.arn,
      "${aws_s3_bucket.my_bucket.arn}/*",
    ]
  }
}
  • Run terraform apply

  • S3 bucket policy is created that allows read-only access to a specific IAM user.

Step 4: Enable versioning on the S3 bucket.

  • S3 bucket versioning is a feature in AWS S3 that enables the preservation and tracking of multiple versions of an object. It provides an added layer of data protection, allowing you to recover and restore previous versions of objects stored in an S3 bucket.

  • In the s3.tf file adds the versioning block is included, with enabled set to true.

  resource "aws_s3_bucket" "my_bucket" {
    bucket = "task1_day67_devops"
    versioning {
      enabled = true
    }
  }
  • Now use the command terraform apply and makes the bucket versioning enabled.

  • Now we can verify in the S3 Bucket that Bucket Versioning has been enabled.