What is an S3 bucket | How to create an AWS S3 bucket

Amazon Simple Storage Service (Amazon S3) is used as storage for the internet. It has a simple web services interface that helps developers store and retrieve data from anywhere around the globe. It is a highly scalable, fast, inexpensive, reliable and highly trusted database.

S3 bucket

To upload data such as videos, documents and images, we first have to create a bucket in one of the AWS Regions (us-east-2, us-west-1, eu-central-1, etc.). Every object stored in Amazon S3 resides in a bucket. We can group different objects using buckets the same way we use directories for grouping files.

How to create a bucket?

  • 1. Sign in to the AWS Console.
  • 2. Open the Amazon S3 console and choose the Create bucket button.
  • 3. On the Name and Region page:
  • 4. Enter a bucket name. It must be unique across all existing buckets in Amazon S3.
  • 5. Choose the region where you want your bucket to reside. It should be close to you to increase efficiency and minimize delay.
  • 6. On the Set properties page, configure properties for the bucket:
      • Versioning – It lets us keep multiple versions of an object in the bucket.
      • Logging – It provides detailed records of the requests made to the bucket.
      • Tags – Tags are used to track costs against projects.
  • On the Set permissions page, we can give access according to the role (private, owner, public).
  • On the Review page, we can edit our settings after verifying them. Then choose the Create bucket button.

Configure bucket and object Access permissions

To upload files to an S3 bucket, a set of configuration needs to be done first.

This includes:

  • Access Control List
  • Bucket Policy
  • CORS Configuration

Access Control List – By default, bucket and object resources are not accessible to anyone other than the owner. An access control list grants specific permissions, such as read and write, to users for accessing objects in buckets.

Bucket Policy – This policy grants other AWS and Identity & Access Management (IAM) users access to the S3 bucket. It can contain multiple permissions. Examples:

Granting Permissions to multiple accounts with added conditions

{
  "Version":"2012-10-17",
  "Statement": [
    {
      "Sid":"Stmt65454234343",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::12121212:root","arn:aws:iam::797787798:root"]},
      "Action":["s3:PutObject","s3:PutObjectAcl"],
      "Resource":["arn:aws:s3:::technodheeraj/*"],
      "Condition":{"StringEquals":{"s3:x-amz-acl":["public-read"]}}
    }
  ]
}

Granting read-only permission to an anonymous user

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"ADSddf",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::technodheeraj/*"]
    }
  ]
}

Restricting access to a specific IP address

{
  "Version": "2012-10-17",
  "Id": "PolicyI646541",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::technodheeraj/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "35.134.213.1/32"},
         "NotIpAddress": {"aws:SourceIp": "35.120.043.218/16"}
      }
    }
  ]
}

Restricting access to a specific HTTP Referrer

{
  "Version":"2012-10-17",
  "Id":"POLICY8u789r890283",
  "Statement":[
    {
      "Sid":"Allow get requests originating from www.technoalerts.com and technoalerts.com.",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::technodheeraj/*",
      "Condition":{
        "StringLike":{"aws:Referer":["http://www.technoalerts.com/*","http://technoalerts.com/*"]}
      }
    }
  ]
}

These are a few examples of bucket policy permissions. If you want to check out more permissions, you can follow this link.
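The check below is an added example, not code from the original article: it reads a bucket policy and reports which Allow statements are open to anonymous callers, treating a condition on a client-supplied header such as Referer as no restriction. The policies are constructed from the four shown above in reduced form, and `audit`, `is_anonymous` and `stmt` are names chosen for this example.

```python
SPOOFABLE = {"aws:referer", "aws:useragent"}  # values the client sets itself

def is_anonymous(principal):
    """True when Principal matches every caller: "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return principal == "*" or (isinstance(principal, list) and "*" in principal)

def audit(policy):
    """Return (Sid, verdict) for each Allow statement open to anonymous callers."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        # Condition maps operator -> {key: values}; key names are case-insensitive.
        keys = {k.lower() for ops in st.get("Condition", {}).values() for k in ops}
        if not keys:
            verdict = "public"
        elif keys <= SPOOFABLE:
            verdict = "public (client-controlled condition only)"
        else:
            verdict = "conditional on " + ", ".join(sorted(keys))
        findings.append((st.get("Sid", "<no Sid>"), verdict))
    return findings

def stmt(sid, principal, action, condition=None):
    """Build a one-statement policy for the page's example bucket."""
    s = {"Sid": sid, "Effect": "Allow", "Principal": principal,
         "Action": action, "Resource": "arn:aws:s3:::technodheeraj/*"}
    if condition:
        s["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [s]}

# Constructed from the four policies on this page (reduced; long Sid shortened).
CROSS_ACCOUNT = stmt("Stmt65454234343", {"AWS": ["arn:aws:iam::12121212:root"]},
                     ["s3:PutObject", "s3:PutObjectAcl"],
                     {"StringEquals": {"s3:x-amz-acl": ["public-read"]}})
ANON_READ = stmt("ADSddf", "*", ["s3:GetObject"])
IP_ALLOW = stmt("IPAllow", "*", "s3:*",
                {"IpAddress": {"aws:SourceIp": "35.134.213.1/32"}})
REFERER = stmt("RefererAllow", "*", "s3:GetObject",
               {"StringLike": {"aws:Referer": ["http://www.technoalerts.com/*"]}})

if __name__ == "__main__":
    for policy in (CROSS_ACCOUNT, ANON_READ, IP_ALLOW, REFERER):
        print(audit(policy))
```

The Referer policy is reported as public because the requester sets that header, and the IP-restricted policy still grants `s3:*` to any caller at the allowed address, so both deserve a review before use.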

CORS Configuration – Cross-Origin Resource Sharing allows client web apps located in one domain to interact with resources in another domain. To permit cross-origin requests, we have to add a CORS configuration to the bucket.

For further information, visit "Allow cross-domain resource sharing with CORS".

Wrap up & Summary

In this recipe, we learned how to create and configure a bucket in S3. We wrapped our heads around CORS configuration, set up permissions with the access control list, and set up a bucket policy for AWS and IAM users.

 

Dheeraj Balodia

"Slapping the keyboard until something good happens." Full stack developer and an avid technology enthusiast.
