In this blog, we will take a deep dive into one of the most important AWS services, S3. S3 stands for Simple Storage Service. AWS S3 is designed to store and retrieve any amount of data from anywhere on the web. It is a highly scalable and secure object storage service offered by Amazon Web Services (AWS).
S3 Buckets
S3 buckets serve as containers for storing objects, which are essentially files, within Amazon S3. Each bucket must have a globally unique name across the entire AWS platform. Conceptually, you can liken an S3 bucket to a top-level directory that serves as a repository for organizing and storing your data.
Why S3 Buckets
S3 buckets offer a dependable and immensely scalable storage solution suitable for a multitude of use cases. They are used for tasks such as backup and restoration, data archiving, storage of website content, and serving as a primary data source for big data analytics, which makes them versatile in meeting diverse storage needs.
Key Benefits of AWS S3 Buckets
Durability and availability: S3 provides high durability and availability for your data. S3 ensures 99.999999999% durability for stored objects by automatically replicating data across multiple servers and data centers.
Scalability: You can store and retrieve any amount of data without worrying about capacity constraints.
Security: S3 offers multiple security features including access control lists (ACLs), bucket policies, and integration with AWS Identity and Access Management (IAM).
Performance: S3 is designed to deliver high performance for data retrieval and storage operations.
Cost-effective: S3 offers cost-effective storage options and pricing models based on our usage patterns.
Additionally, versioning allows us to preserve, retrieve, and restore every version of every object stored in a bucket, providing protection against accidental deletion or overwrites.
Let's learn more about S3 buckets and how to use them in practice.
Let's create a bucket: search for S3 > click S3 > click Create bucket
AWS Region: default
Bucket name: demo-s3-prod-example.com
Object Ownership: ACLs Disabled
Block Public Access settings for this bucket: Block all public access
Bucket Versioning: Disabled
Then click on Create bucket and our bucket is created successfully.
Upload a file/object in the S3 bucket
Let's add a simple file to our bucket.
The index.html file contains simple HTML code.
<!DOCTYPE html>
<html>
  <head>
    <title>My First HTML Page</title>
  </head>
  <body>
    <h1>Welcome to my page!</h1>
    <p>This is a paragraph.</p>
    <ul>
      <li>Item 1</li>
      <li>Item 2</li>
      <li>Item 3</li>
    </ul>
  </body>
</html>
Let's upload the same file again, unchanged, and check whether a second copy of the file appears in the bucket.
We uploaded the same index.html file.
But we cannot see a copy of the file: with versioning disabled, uploading an object with the same name (key) overwrites the existing object.
S3 also offers file versioning, similar to version control systems, so we can retrieve any version of a file.
Let's modify the code of index.html and upload it to the S3 bucket. Before that, enable versioning in the S3 bucket configuration.
<!DOCTYPE html>
<html>
  <head>
    <title>My First HTML Page</title>
  </head>
  <body>
    <h1>Welcome to my page!</h1>
    <p>This is a paragraph.</p>
  </body>
</html>
We can see the two versions of the index.html file. We can create multiple versions of the file and can retrieve any version of the file.
Bucket Permission
Anyone within the organization who has S3 full access permission can easily access the S3 bucket resources. Based on the requirements, we need to set the bucket permissions so that the data within the buckets is safe and secure.
Let's create a user called demo-s3 with no access to S3.
Our user demo-s3 is created, and we will log in as demo-s3 and try to access the bucket that we created.
We cannot access the bucket since we have not given the user access to these buckets. We need to attach a policy to the user so that the user can access the S3 resources.
Now we will grant permission to this user so that the user can access the S3 buckets.
The permission is added to the demo-s3 user.
Now the user can easily access the S3 bucket.
We have attached the policy so that the user can access the buckets, but we don't want any users to do anything on our buckets. So let's make it more secure using a bucket policy.
{
  "Version": "2012-10-17",
  "Id": "RestrictBucketToIAMUsersOnly",
  "Statement": [
    {
      "Sid": "AllowOwnerOnlyAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name/*",
        "arn:aws:s3:::your-bucket-name"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::AWS_ACCOUNT_ID:root"
        }
      }
    }
  ]
}
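This policy denies every S3 action on the bucket and its objects to any principal whose ARN is not the account root user, so the bucket is only accessible to the root user and restricted for all other users.
This is what I have attached as the bucket policy. Now let's verify whether the user can retrieve the S3 bucket resources, given that they have S3 full access.
We can see the user cannot access the resources in the bucket, because an explicit Deny in the bucket policy overrides the Allow granted by the user's IAM policy. It is important to decide who should and who should not be given access.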
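Why the full-access user is still locked out, as an added example that is not code from the original post: a simplified model of same-account policy evaluation (explicit Deny first, then any Allow, otherwise implicit deny) run over the bucket policy above. The account ID 111122223333, the shape of the full-access policy and the helper names are assumptions, and the Principal element is ignored because the page's statement uses "*".

```python
from fnmatch import fnmatchcase

ROOT = "arn:aws:iam::111122223333:root"            # constructed account id
DEMO_USER = "arn:aws:iam::111122223333:user/demo-s3"
BUCKET = "arn:aws:s3:::your-bucket-name"

# Stand-in for the S3 full access permission attached to demo-s3 (assumed shape).
FULL_ACCESS = [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]

# The bucket policy statement from the page.
BUCKET_POLICY = [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": [BUCKET + "/*", BUCKET],
    "Condition": {"StringNotEquals": {"aws:PrincipalArn": ROOT}},
}]

def as_list(value):
    return value if isinstance(value, list) else [value]

def applies(stmt, principal_arn, action, resource):
    """Simplified match: action and resource wildcards plus StringNotEquals."""
    if not any(fnmatchcase(action, a) for a in as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    not_equals = stmt.get("Condition", {}).get("StringNotEquals", {})
    for exempt in as_list(not_equals.get("aws:PrincipalArn", [])):
        if principal_arn == exempt:
            return False  # caller is the exempted principal; condition is false
    return True

def evaluate(principal_arn, action, resource, identity_policy, bucket_policy):
    """Explicit Deny wins, then any Allow, otherwise implicit deny."""
    hits = [s for s in identity_policy + bucket_policy
            if applies(s, principal_arn, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit deny"
    if any(s["Effect"] == "Allow" for s in hits):
        return "allow"
    return "implicit deny"

def walkthrough():
    """The three states demo-s3 goes through on the page."""
    request = (DEMO_USER, "s3:GetObject", BUCKET + "/index.html")
    return [
        evaluate(*request, identity_policy=[], bucket_policy=[]),
        evaluate(*request, identity_policy=FULL_ACCESS, bucket_policy=[]),
        evaluate(*request, identity_policy=FULL_ACCESS, bucket_policy=BUCKET_POLICY),
    ]
```
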
Host a static website in S3 bucket
Hosting a static website in S3 is easy and inexpensive.
Let's upload an index.html file, or reuse the index.html file from above. Now enable static website hosting. First, click on bucket-name > permission > static website hosting (edit) > enabled > index.html
As shown in the image you can follow the steps and save it.
After saving it, at the bottom, you will find the URL to access the website. Now simply copy the link and paste it into the browser.
You can see we are not able to access our website, and a 403 Forbidden error is shown. If you remember, when we created the bucket we chose "Block Public Access settings for this bucket: Block all public access", which is why we are not able to access the website.
We will uncheck "Block all public access" so that we will be able to access the website.
Now we will try to access the website.
Even after doing all of this, we are still not able to access the website. This is because the bucket policy we set gives access only to the root user and not to others. Now we will change the policy so that anyone with access to the internet can access the website.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::demo-s3-prod-example.com/*"
    }
  ]
}
Save the policy and refresh the browser.
We can access our sample website finally.
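Once a bucket is open for website hosting, it is worth checking exactly what its policy grants to anonymous callers. The following added example (not from the original post; the function names are hypothetical) lists every Allow statement in a bucket policy that is open to anyone and confirms that the website policy above exposes only s3:GetObject on the bucket's objects.

```python
import json

# Website bucket policy from the page.
WEBSITE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow",
                "Principal": "*", "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::demo-s3-prod-example.com/*"}]}
""")

READ_PREFIXES = ("s3:get", "s3:list")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller, signed in or not."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def public_grants(policy):
    """List (sid, finding, actions, resources) for every Allow open to anyone."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anyone(stmt.get("Principal")):
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if stmt.get("Condition"):
            finding = "public-with-condition"   # review the condition by hand
        elif actions and all(a.lower().startswith(READ_PREFIXES) for a in actions):
            finding = "public-read"
        else:
            finding = "public-write-or-admin"   # includes s3:*, *, NotAction
        findings.append((stmt.get("Sid", "<no Sid>"), finding, actions, resources))
    return findings

def only_serves_objects(policy, bucket_name):
    """True if the sole public grant is s3:GetObject on the bucket's objects."""
    expected = ("public-read", ["s3:GetObject"], [f"arn:aws:s3:::{bucket_name}/*"])
    grants = public_grants(policy)
    return len(grants) == 1 and grants[0][1:] == expected
```
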
Through these practical demonstrations, we learned how to create an S3 bucket and upload files, and saw the importance of versioning for better data management in AWS. The significance of permissions and security features, such as IAM user policies and bucket policies, was practically demonstrated for controlled access. Whether you're a developer, system administrator, or business owner, AWS S3 is an essential tool in the cloud computing landscape, empowering you to store, manage, and retrieve data smoothly.
Happy Learning!!