S3 Buckets

Overview

Documentation: AWS docs

Buckets are containers for storing data objects in AWS. In this lab, we'll go through a few of the settings available with S3 buckets.

We'll look at:

Creating a bucket
Allowing object versioning
Setting bucket access
Lifecycle rules

Creating a Bucket

Navigate to S3 -> Create Bucket
Provide a name that is unique across all AWS
Decide on public access rules
Enable / disable versioning
Decide on encryption - (Server-side encryption means that data is encrypted at rest in the bucket)

Versioning

When you enable versioning S3 keeps a copy of past versions.

To see past versions press on show versions
You can also click on the object and select versions to see past versions

Access Permissions

You can set policies to decide how objects in the bucket can be accessed.

We're going to allow public anonymous access to only read the objects in our bucket.

Under permissions edit the bucket policy
Create a policy using the policy generator here
Choose s3 policy for policy type
Select allow and the * wildcard for everyone
We're going to select s3:GetObject and s3:GetObjectVersion to get the objects from the bucket
Apply the policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": "arn:aws:s3:::builab-bucket/*"
    }
  ]
}

Lifecycle

You can create lifecycle rules for all objects inside the bucket or based on prefixes, tags, or object size.

Navigate to management to configure lifecycle rules
Setting a rule scope - here we're going to only apply the rule to certain objects
Set filters to apply to items - we'll apply this rule to objects with the documents prefix
Select what you want to do to the objects
Select where to move the items
Now items inside the documents prefix (folder) will be placed in glacier deep archive after 15 days