Aws - S3 (Amazon Simple Storage Service)

1 - About

The file system in AWS is called S3 (Simple Storage Service).

Amazon S3 uses dense storage drives that are optimized for storing larger objects inexpensively.

3 - Static Hosting

Amazon S3 can be used to host static websites without having to configure or manage any web servers. See Aws - Static Web Hosting

4 - Bucket

4.1 - Name

A bucket's name must be globally unique. Buckets used as an origin point for Amazon CloudFront have specific restrictions.

See: bucket naming rules

4.2 - Policy

All buckets created in Amazon S3 are fully private by default. By default your bucket will only be accessible by authenticated users with access to your AWS account.

Bucket policies are represented as JSON documents that define which S3 Actions (S3 API calls) against the objects in your bucket are allowed (or not allowed) to be performed by different Principals (in our case the public, or anyone).

The easiest way to update a bucket policy is to use the console.

You could also use the canonical user id as the principal: "CanonicalUser": "<OAI S3CanonicalUserId>"

4.2.1 - Anonymous access

Example of a policy that grants read-only access to anonymous users.

Both "Principal": "*" and "Principal": {"AWS": "*"} grant permission to everyone (also referred to as anonymous access).

website-bucket-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow", 
            "Principal": "*", 
            "Action": "s3:GetObject", 
            "Resource": "arn:aws:s3:::[YOUR_BUCKET_NAME]/*" 
        } 
    ] 
}

Apply the policy with the CLI:

aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

4.2.2 - Cloudfront access

"Principal": {
    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>"
},
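
Added example (not part of the original page): a Python check that reads a bucket policy such as website-bucket-policy.json and reports every Allow statement whose principal is everyone (4.2.1), while leaving CloudFront OAI or CanonicalUser principals (4.2.2) alone. The bucket name example-bucket, the function names and the Get*/List* read-only heuristic are assumptions made for this example.

```python
import json

# Constructed sample policies; "example-bucket" is a placeholder name.
PUBLIC_READ = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*"}]}"""
OAI_ONLY = """{"Version": "2012-10-17", "Statement": {
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>"},
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}}"""
PUBLIC_WRITE = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": ["*"]}, "Action": ["s3:GetObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::example-bucket/*"}]}"""


def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "Principal": "*" and "Principal": {"AWS": "*"}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)


def anonymous_grants(policy_json):
    """List every Allow statement that is open to everyone."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        findings.append({
            "actions": actions,
            "resources": _as_list(stmt.get("Resource", [])),
            # Heuristic (assumption): anything other than Get*/List* can change data.
            "write_capable": any(
                not a.lower().startswith(("s3:get", "s3:list")) for a in actions),
            # A Condition may narrow the grant, so flag it for manual review.
            "has_condition": "Condition" in stmt,
        })
    return findings


if __name__ == "__main__":
    for doc in (PUBLIC_READ, OAI_ONLY, PUBLIC_WRITE):
        print(anonymous_grants(doc))
```

A finding with write_capable set to True on a website bucket contradicts the checklist in 4.3, where anonymous clients must not be able to delete or modify resources.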

4.3 - Access

There are other access controls than policies for S3:

Example of a checklist:

  • You can access the site through the CloudFront Distribution URL (<WebsiteCloudFrontURL>).
  • You are restricted from accessing any of the application resources through S3 URLs. Try some deep links (e.g. <WebsiteS3URL>/js/vendor/unicorn-icon)
  • You cannot delete or modify any of the application resources through the CloudFront Distribution. Try using an HTTP client (like curl or Postman) to make requests with different HTTP verbs (e.g. DELETE). Below is an example using curl:
curl -i -X DELETE <WebsiteCloudFrontURL>/index.html

5 - Address

6 - Management

6.1 - Create

  • from the console
  • via cli
aws s3 mb s3://BUCKET_NAME
:: example
aws s3 mb s3://my-bucket-name

All buckets created in Amazon S3 are fully private by default.

6.2 - Sync

Example

aws s3 sync s3://wildrydes-us-east-1/WebApplication/1_StaticWebHosting/website s3://BUCKET_NAME --region YOUR_BUCKET_REGION

where:

6.3 - Query

6.4 - Put

6.5 - Put Policy File

aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

6.6 - Copy (Cp)

aws s3 cp path/To/MyLocalFile s3://BUCKET_NAME/path/to/myFileInBucket