AWS S3 Bucket Creation and Management

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, hosting static websites, and more.

Task 1

  • Create an S3 bucket using Terraform.

Prerequisite:

  1. Install Terraform: refer to the official Terraform installation page at https://www.terraform.io/downloads.html for a step-by-step guide to installing Terraform on your operating system.

  2. Install the AWS CLI and set up your AWS credentials by configuring your access key (for example with aws configure).

  3. Create your Terraform configuration file in your project directory.

Now, create a main.tf file with the following:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }
  required_version = ">= 1.2.0"
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "devops_bucket" {
  bucket = "demo-bucket-day67"
}

Run terraform init, followed by terraform plan and terraform apply, to initialize your Terraform configuration, preview the planned changes, and apply the changes to your infrastructure.

Go to the AWS management console and click on the S3 service to verify that the S3 bucket was successfully created.

Task 2

  • Configure the bucket to allow public read access.

First, grant your IAM user permission to change the bucket's settings: open the IAM console, select your user and create an inline policy under "Permissions policies". Applying the Terraform below calls PutBucketPublicAccessBlock and PutBucketPolicy (and reads both settings back), so the inline policy has to allow those actions in addition to PutBucketAcl:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateS3BucketPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:PutBucketAcl",
        "s3:PutBucketPolicy",
        "s3:GetBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetBucketPublicAccessBlock"
      ],
      "Resource": [
        "arn:aws:s3:::demo-bucket-day67"
      ]
    }
  ]
}

The configuration below switches off the bucket's Block Public Access guardrails and attaches a bucket policy that lets anyone on the internet read every object in the bucket. That is what you want for static website content, and nothing else; the public access block exists precisely to stop this from happening by accident.

resource "aws_s3_bucket" "devops_bucket" {
  bucket = "demo-bucket-day67"
}

# Switch off all four Block Public Access guardrails for this bucket. While
# block_public_policy is true, S3 rejects any bucket policy with a "*" principal.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.devops_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# Anonymous read of every object in the bucket. Only s3:GetObject is granted:
# nobody can list, write or delete through this policy.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.devops_bucket.id

  # Terraform cannot infer that the policy depends on the access block, so make
  # the ordering explicit; otherwise the apply can fail with AccessDenied while
  # block_public_policy is still true.
  depends_on = [aws_s3_bucket_public_access_block.example]

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": [
        "arn:aws:s3:::demo-bucket-day67/*"
      ]
    }
  ]
}
EOF
}

Run terraform apply to apply the changes.

Verify that the bucket is publicly accessible: upload a test object, then fetch https://demo-bucket-day67.s3.us-east-1.amazonaws.com/<object-key> from a browser or with curl, without any credentials. A 200 response confirms anonymous read. The bucket list in the S3 console also marks the bucket as public in its Access column.

Task 3

  • Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.devops_bucket.id

  # Read-only access for one specific IAM user. Comments are not valid inside
  # the JSON heredoc (the policy would be rejected as malformed), so keep them
  # out here.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::519458011439:user/terraform-user"
      },
      "Action": ["s3:GetObject"],
      "Resource": [
        "arn:aws:s3:::demo-bucket-day67/*"
      ]
    }
  ]
}
EOF
}

Run terraform apply to apply the changes. Because this resource has the same address (aws_s3_bucket_policy.bucket_policy) as the one from Task 2, the apply replaces the public policy with this user-scoped one.

You can verify the change to the bucket policy in the AWS management console under the bucket's Permissions tab. Note that the aws_s3_bucket_public_access_block from Task 2 still has all four settings set to false; now that no public policy is needed, set them back to true so that a later edit cannot silently make the bucket public again.

Task 4

  • Enable versioning on the S3 bucket.

# With AWS provider 4.x the inline versioning block still works but is marked
# deprecated; the standalone aws_s3_bucket_versioning resource is the
# recommended replacement.
resource "aws_s3_bucket" "devops_bucket" {
  bucket = "demo-bucket-day67"
  versioning {
    enabled = true
  }
}

Run terraform apply to apply the changes.

Navigate to the bucket in the S3 service of the AWS management console and open the Properties tab; Bucket Versioning should now show Enabled.

Thank you.