Abhisek's blog
AWS S3 Bucket Creation and Management

AWS S3 Bucket Creation and Management

Day 67 of 90daysofdevops

Abhisek Moharana's photo
Abhisek Moharana
·

4 min read

Table of contents

AWS S3 Bucket

AWS S3 (Simple Storage Service) Bucket is a scalable and durable object storage service. It allows you to store and retrieve any amount of data from anywhere on the web. S3 provides high availability, security, and flexibility, making it suitable for storing files, hosting static websites, and enabling data backup and archival solutions in the AWS cloud.

Step 1: Create an S3 bucket using Terraform.

  • Create a terraform.tf and provider.tf to add details regarding AWS configuration and AWS Region.

      terraform {
     required_providers {
       aws = {
         source  = "hashicorp/aws"
         version = "~> 4.0"
       }
     }
   }

      provider "aws" {
    region = "us-east-1"
  }

  • Create a s3.tf file and inside aws_s3_bucket resource creates a new S3 bucket, my_bucket is a unique identifier.

      resource "aws_s3_bucket" "my_bucket" {
    bucket = "task1-day67-devops"
  }

  • Run the terraform init command to initialize the working directory and download the required providers.

  • Execute terraform plan, it will create an execution plan by analyzing the changes required to achieve the desired state of your infrastructure.

  • Finally, execute terraform apply, it will apply the changes to create or update resources as needed.

  • S3 bucket successfully created.

Step 2: Configure the bucket to allow public read access.

  • As the S3 bucket is created which is Private only, to allow public read access to the S3 bucket, the code creates an ACL (access control list) resource using the "aws_s3_bucket_acl" resource type.

  • Now create a file access.tf,the resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" using the "bucket" parameter. The "acl" parameter is set to "public-read", which allows public read access to the bucket.

      resource "aws_s3_bucket_acl" "bucket_acl" {
    bucket = aws_s3_bucket.my_bucket.id
    acl    = "public-read"
  }

  resource "aws_s3_bucket_public_access_block" "pem_access" {
    bucket = aws_s3_bucket.my_bucket.id

    block_public_acls       = false
    block_public_policy     = false
    ignore_public_acls      = false
    restrict_public_buckets = false
  }

  • Now change the object Ownership by enabling "ACL enable" in the S3 Bucket "Edit Object Ownership".

  • Run terraform apply

  • Now the S3 Bucket is publicly accessible.

Step 3: Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

  • To provide read-only access to a specific IAM user or role, the code creates an S3 bucket policy resource using the "aws_s3_bucket_policy" resource type. The resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" using the "bucket" parameter.

  • Create a file iam.tf and inside "aws_iam_policy_document" provide the details of the IAM user ARN. Inside the action provide the details like "s3:GetObject" and "s3:ListBucket". And in the resources add the bucket details including the IAM User arn.

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}


data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::563024908183:user/Doraemon"]
    }

    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resources = [
      aws_s3_bucket.my_bucket.arn,
      "${aws_s3_bucket.my_bucket.arn}/*",
    ]
  }
}

  • Run terraform apply

  • S3 bucket policy is created that allows read-only access to a specific IAM user.

Step 4: Enable versioning on the S3 bucket.

  • S3 bucket versioning is a feature in AWS S3 that enables the preservation and tracking of multiple versions of an object. It provides an added layer of data protection, allowing you to recover and restore previous versions of objects stored in an S3 bucket.

  • In the s3.tf file adds the versioning block is included, with enabled set to true.

      resource "aws_s3_bucket" "my_bucket" {
    bucket = "task1_day67_devops"
    versioning {
      enabled = true
    }
  }

  • Now use the command terraform apply and makes the bucket versioning enabled.

  • Now we can verify in the S3 Bucket that Bucket Versioning has been enabled.

Thank You,

I want to express my deepest gratitude to each and every one of you who has taken the time to read, engage, and support my journey.

Feel free to reach out to me if any corrections or add-ons are required on blogs. Your feedback is always welcome & appreciated.

~ Abhisek Moharana 🙂

#90daysofdevopsDevopsTerraformAWSAWS s3