Introduction
This lab provides instructions for creating, accessing, managing, and deleting buckets and objects in Amazon Simple Storage Service (S3).
Amazon Simple Storage Service (S3)
This section introduces you to Simple Storage Service (S3) using the AWS Management Console. Amazon S3 allows you to store and retrieve any amount of data at any time from anywhere on the web.
By the end of this section, you will be able to:
- Create a bucket on Amazon S3
- Add an object to your bucket
- Manage access permissions on an object
- Create a bucket policy
- Use bucket versioning
What is the difference between AWS EBS and Amazon S3?
Task 1: Create a bucket
Every object in Amazon S3 is stored in a bucket.
- In the AWS Management Console, on the Services menu, click on S3 (Storage)
- Click on Create bucket, then configure your new bucket as follows:
  - Bucket name: mybucket[NUMBER] (replace [NUMBER] with a random number) (a) Why do you need to use a random number to name the bucket?
  - Leave the default value in the AWS Region (Selecting a particular region allows you to optimize latency, minimize costs, or address regulatory requirements. Objects stored in a region never leave that region unless you explicitly transfer them to another region).
  - Set the Object Ownership to ACLs enabled
  - Set the Bucket Versioning to Enable (b) What is the role of the Versioning option?
  - Click Create bucket
Task 2: Upload an object to the bucket
Now that you have created a bucket, you are ready to store objects. An object can be any kind of file: a text file, a photo, a video, a zip file, etc. When you add an object to Amazon S3, you have the option of including metadata with the object and setting permissions to control access to the object.
- Save the Lab web page to your computer using the save feature of your browser
- In the Amazon S3 management console, click on the bucket that you created in Task 1: Create a bucket
- Click on Upload. This launches an upload wizard that will assist you in uploading files. Using this wizard, you can upload files either by selecting them from a file chooser or by dragging them to the S3 window.
  - Select Add files
  - Browse to and select the HTML file that you just saved
  - Click Open
- Select Upload
Task 3: Make your object public
Now, you are going to configure permissions on your object so that it is publicly accessible. First, let us attempt to access the object to confirm that it is private by default.
- Select the uploaded file in your bucket. A small window appears, containing three sections: Properties, Permissions, and Versions
- Copy the S3 Link displayed at the bottom of the Properties section. The link should look similar to this: https://s3.eu-central-1.amazonaws.com/mybucket091189/file.html
- In a new browser tab, paste the link into the address field, then press enter (a) What do you see on your screen? (b) Why?
- Keep this browser tab open, but return to the web browser tab with the Amazon S3 management console
- Click the Permissions section, then configure:
  - Under the Block public access (bucket settings) section, select Edit
  - Unselect Block all public access
  - Click on Save changes
- Return to the Amazon S3 management console, select the bucket you created
  - Click the file you uploaded
  - Select the Permissions section
  - Click on Edit
  - Click on Make Public ACL
- Return to the browser tab with the S3 Link, and refresh the page. (a) What do you see on your screen?
In this task, you granted read access only to a specific object. If you wish to grant access to an entire bucket, you would use a Bucket Policy.
Task 4: Create a Bucket Policy
A Bucket Policy is a set of permissions associated with an Amazon S3 bucket. It can be used to control access to a whole bucket or to specific directories within a bucket.
- Follow Steps 1-2 from Task 3: Make your object public with a new file
- Copy the S3 Link associated with this new file into a new web browser tab (a) What do you see on your screen? (b) Why?
- Return to the Amazon S3 management console and click the name of your bucket. You should see a list of the objects in your bucket.
- Click on the Permissions tab
- In the Bucket policy, click on Edit. A blank Bucket policy editor is displayed. Bucket policies can be created manually, or they can be created with the assistance of the Policy generator.
- Copy the ARN (Amazon Resource Name) of your bucket to the clipboard. It is displayed at the top of the policy editor. What is an ARN?
- Click on Policy generator at the top. A new browser tab will open with the AWS Policy Generator. Set the following:
  - Select type of policy: S3 Bucket Policy
  - Principal: * (This means that anyone will be able to perform the actions in the policy)
  - Actions: GetObject (The GetObject action grants permission for objects to be retrieved from Amazon S3)
  - Amazon Resource Name (ARN): paste the ARN that you previously copied and append /* to the ARN. The ARN should look similar to arn:aws:s3:::lab-xxx/* (Adding /* to the end of the bucket name allows the policy to apply to all objects within the bucket)
- Click on Add Statement
- Click on Generate Policy
- Copy the policy to your clipboard
- Click on Close
- Switch back to the tab with the Bucket Policy Editor and paste the bucket policy into the Bucket Policy editor
- Click Save changes
- Go back to the browser tab where you pasted the link for this new file and refresh the page. You should see the content.
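A policy in the shape the generator settings above produce, together with a small checker that lists what it opens to unauthenticated callers. This is an added example, not part of the original lab: the Sid is made up, lab-xxx is the lab's placeholder bucket name, and the evaluation is simplified (statements with a Condition are skipped, NotAction and NotResource are ignored).

```python
import json
import re

# Constructed policy in the shape the lab's generator settings produce.
# "lab-xxx" is the page's placeholder bucket name; the Sid is made up.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "LabPublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::lab-xxx/*"
  }]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, text, flags=0):
    # Policy wildcards: * matches any run of characters, ? exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, flags | re.S) is not None

def _anyone(principal):
    # "*" and {"AWS": "*"} both include unauthenticated callers.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_grants(policy):
    """List (sid, action, resource) for every unconditioned Allow to anyone."""
    return [(s.get("Sid", ""), a, r)
            for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow" and "Condition" not in s
            and _anyone(s.get("Principal"))
            for a in _as_list(s.get("Action", []))
            for r in _as_list(s.get("Resource", []))]

def anonymous_allowed(policy, action, arn):
    """Simplified check: a matching Deny wins, otherwise any matching Allow."""
    allowed = False
    for s in _as_list(policy["Statement"]):
        if "Condition" in s or not _anyone(s.get("Principal")):
            continue
        hit = (any(_wild(a, action, re.I) for a in _as_list(s.get("Action", [])))
               and any(_wild(r, arn) for r in _as_list(s.get("Resource", []))))
        if hit and s.get("Effect") == "Deny":
            return False
        allowed = allowed or (hit and s.get("Effect") == "Allow")
    return allowed
```

Run against the lab policy, the checker reports that every object in the bucket is readable by anyone, while listing the bucket (s3:ListBucket on the bucket ARN without /*) and writing objects are not granted.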