Day 67 - 90DaysOfDevOps

AWS S3 Bucket Creation and Management


Hey Learners! Welcome back. In the last challenge, we did a great project which helped us understand how we can use IaC to provision and manage our infrastructure. In this challenge, we'll create and manage S3 buckets with Terraform. Let's start...

AWS S3 Bucket:-

Amazon Simple Storage Service (S3) is an object storage service that provides a secure and scalable way to store and access data on the cloud. It is designed for storing any kind of data, such as text files, images, videos, backups, and more.

To know more about S3, read the Day 43 challenge.

Task-

1- Create an S3 Bucket using Terraform

To create an S3 bucket we have to use the resource type "aws_s3_bucket". Create main.tf as shown below.

Use the terraform apply command to provision the bucket.

Go to the AWS console, search for the S3 service and open the bucket. In the Properties tab you will see that Bucket Versioning is disabled by default. In the Permissions tab, look at Object Ownership.

2- Configure the bucket to allow public read access.

Make changes to main.tf file as shown below

When you run the terraform apply command you'll get an Access Denied error, because the bucket does not allow ACLs yet. To overcome this, do the following.

We first have to manually enable ACLs on the bucket.

Go to the AWS console and search for the S3 service. Select the bucket you created. Open the Permissions tab and edit "Object Ownership" to "ACLs enabled". Save the changes. Refer to the screenshot below.

Apply the changes with acl set to "public-read".

Go to the AWS console and check the Access status as Public.
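The resource layout for steps 1 and 2 in one place, written here as an added example and not the post's own main.tf (the post's screenshots are not reproduced). It assumes AWS provider v4 or later, where the ACL is its own resource, and it replaces the manual Object Ownership edit in the console with an aws_s3_bucket_ownership_controls resource; the region and the bucket name are placeholders you must change.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-south-1" # assumed region; use your own
}

# Step 1: the bucket itself. Bucket names are global, so the name from the
# post is reused here only as a placeholder.
resource "aws_s3_bucket" "bucket" {
  bucket = "day67avp23-bucket"
}

# Step 2, part 1: ACLs only work when Object Ownership is not
# "BucketOwnerEnforced" (the default for new buckets). This is the
# Terraform equivalent of the "ACLs enabled" edit done in the console.
resource "aws_s3_bucket_ownership_controls" "bucket" {
  bucket = aws_s3_bucket.bucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Step 2, part 2: Block Public Access is turned on for new buckets and would
# override a public ACL, so it has to be relaxed explicitly. For any bucket
# that is NOT meant to be public, keep all four flags set to true.
resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# Step 2, part 3: the ACL itself, applied only after the two prerequisites
# exist, otherwise apply fails exactly as described in the post.
resource "aws_s3_bucket_acl" "bucket" {
  depends_on = [
    aws_s3_bucket_ownership_controls.bucket,
    aws_s3_bucket_public_access_block.bucket,
  ]
  bucket = aws_s3_bucket.bucket.id
  acl    = "public-read"
}
```

Run terraform init and terraform apply as before. Note that "public-read" on the bucket ACL grants everyone permission to list the bucket; individual objects are readable by everyone only if they carry a public object ACL or a bucket policy grants s3:GetObject. When you later change your mind, flipping the four public access block flags back to true is the quickest way to cut off public reads regardless of what the ACL says.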

3- Create an S3 bucket policy that allows read-only access to a specific IAM user or role

Make changes in main.tf as shown below.

# Attach the generated policy document to the bucket created in step 1
resource "aws_s3_bucket_policy" "policy" {
  bucket = aws_s3_bucket.bucket.id
  policy = data.aws_iam_policy_document.policy_ro_access.json
}

# Read-only policy: list the bucket and get its objects, nothing else
data "aws_iam_policy_document" "policy_ro_access" {
  statement {
    effect = "Allow"
    principals {
      type = "AWS"
      # Replace with your Account ID. A bare account ID grants the whole
      # account (its IAM users and roles); to limit access to one user or
      # role, use its ARN instead, e.g. "arn:aws:iam::<account-id>:user/<name>".
      identifiers = ["542569069560"]
    }
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      aws_s3_bucket.bucket.arn,
      "${aws_s3_bucket.bucket.arn}/*",
    ]
  }
}

We have to create a bucket policy that allows read-only access to the S3 bucket for a specific IAM user or role. The policy documents are specified using JSON syntax.

In the above configuration file, the "actions" argument defines the permissions to grant on the specified bucket and its objects, and the "principals" block specifies the AWS account, user or role to which those permissions are granted.

4- Enable versioning on the S3 bucket

To enable versioning, make changes in the main.tf file as shown below.

resource "aws_s3_bucket" "bucket" {
  bucket = "day67avp23-bucket"

  # Inline versioning block. It still applies, but since AWS provider v4 it is
  # deprecated in favour of the separate aws_s3_bucket_versioning resource.
  versioning {
    enabled = true
  }
}

Go to the AWS console to verify that Versioning is Enabled.
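The same setting in the form current provider versions recommend, added here as an example rather than the post's own code: since AWS provider v4, versioning is managed by the separate aws_s3_bucket_versioning resource, referencing the bucket from step 1.

```hcl
# Enable versioning on the bucket created in step 1 without touching the
# aws_s3_bucket resource itself. Status can later be set to "Suspended";
# versioning can never be fully disabled once enabled.
resource "aws_s3_bucket_versioning" "bucket" {
  bucket = aws_s3_bucket.bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}
```

After terraform apply, the Properties tab shows Bucket Versioning as Enabled, exactly as with the inline block. Keep in mind that every overwrite and delete now keeps the previous version around, so storage grows until you add a lifecycle rule for noncurrent versions.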

This is how we can create and manage S3 buckets using Terraform scripts.

Don't forget to use the terraform destroy command.

Thank you so much for taking the time to read till the end! Hope you found this blog informative.

Feel free to explore more of my content, and don't hesitate to reach out if you need any assistance from me or have any questions.

Find me on:- Hashnode LinkedIn Github

Happy Learning!