
Day 67: AWS S3 Bucket Creation and Management


Prerequisites:

  • Terraform installed and configured with AWS credentials

  • If not, follow this blog to set them up first.

Task: Create an S3 bucket using Terraform.

Create s3.tf with the following code:

resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-s3-using-terra" # use your own globally unique bucket name
  tags = {
    Name        = "My Bucket"
    Environment = "Dev"
  }
}

Then run terraform plan and terraform apply.

Now check the S3 section of your AWS console: the bucket should be listed.

Configure the bucket to allow public read access.

Open your existing Terraform configuration file for the S3 bucket and extend it with the following configuration. Note that this deliberately makes every object in the bucket readable by anyone on the internet; AWS now blocks that by default, so the configuration has to switch Block Public Access off explicitly:

resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-s3-using-terra"
  tags = {
    Name        = "My Bucket"
    Environment = "Dev"
  }
}

# New buckets have Block Public Access on by default; a public ACL or policy is
# rejected with AccessDenied until these settings are switched off explicitly.
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# acl and policy set directly on aws_s3_bucket are deprecated since AWS provider
# v4; the separate resources below replace them. New buckets also have ACLs
# disabled, so the ACL needs ownership controls that allow ACLs.
resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_acl" "my_bucket" {
  depends_on = [aws_s3_bucket_ownership_controls.my_bucket, aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  acl        = "public-read"
}

resource "aws_s3_bucket_policy" "my_bucket" {
  depends_on = [aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "PublicReadGetObject"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject"]
      Resource  = ["${aws_s3_bucket.my_bucket.arn}/*"]
    }]
  })
}

Then run terraform plan and terraform apply.

Now check the bucket in the S3 console; its Permissions tab should show "Publicly accessible".

Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

Create a new file named s3_bucket_policy.json with the following content, replacing YOUR_ACCOUNT_ID, USERNAME and YOUR_BUCKET_NAME with your own values (the Principal is the only caller this policy grants access to, and s3:GetObject is the only action it allows):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOnlyAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::YOUR_ACCOUNT_ID:user/USERNAME"]
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
    }
  ]
}

Open your existing Terraform configuration file for the S3 bucket and add the following resource block to attach the policy. A bucket holds exactly one policy, so remove the public-read policy from the previous step first; otherwise the two definitions overwrite each other on every apply:

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = "YOUR_BUCKET_NAME" # or aws_s3_bucket.my_bucket.id to reference the bucket defined above
  policy = file("s3_bucket_policy.json")
}

Then run terraform plan and terraform apply.

To verify that the IAM user or role has read-only access to the S3 bucket, retrieve an object from the bucket using that user's or role's credentials. If the principal has the necessary permission, the operation succeeds; otherwise S3 returns an access denied error. Uploading an object with the same credentials should be denied, since the policy grants only s3:GetObject.

Alternatively, open the Permissions tab of the bucket in the S3 console; you will see one attached bucket policy.
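The two policies above differ in one security-relevant way: the public-read policy names "*" as Principal, the second names a single IAM user. The following script is an added example, not part of the original post; it embeds both policies as constructed input and flags Allow statements that any caller can use (a wildcard Principal with no Condition) and actions that go beyond read-only, which is the check worth running before terraform apply.

```python
import json

# The two policies from this post, embedded here as constructed test input.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
                   "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::my-s3-using-terra/*"]}],
})
USER_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowReadOnlyAccess", "Effect": "Allow",
                   "Principal": {"AWS": ["arn:aws:iam::YOUR_ACCOUNT_ID:user/USERNAME"]},
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"}],
})

# Actions that only read; anything else in a "read-only" policy is a finding.
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"}


def _as_list(value):
    """IAM allows a single string or object where a list is expected; normalise."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _is_wildcard_principal(principal):
    """True for "*" and for {"AWS": "*"} / {"AWS": ["*", ...]}: anyone can call."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statement_sids(policy_json):
    """Sids of Allow statements usable by any caller and not narrowed by a Condition."""
    statements = _as_list(json.loads(policy_json)["Statement"])
    return [s.get("Sid", "<no Sid>") for s in statements
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]


def non_read_only_actions(policy_json):
    """Allowed actions outside READ_ONLY_ACTIONS, e.g. s3:PutObject or s3:*."""
    found = set()
    for s in _as_list(json.loads(policy_json)["Statement"]):
        if s.get("Effect") == "Allow":
            found.update(a for a in _as_list(s["Action"]) if a not in READ_ONLY_ACTIONS)
    return sorted(found)
```

Running public_statement_sids on the public-read policy reports PublicReadGetObject, while the IAM-user policy yields nothing from either check, which is what "read-only access for one principal" should look like.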

Enable versioning on the S3 bucket.

Open your existing Terraform configuration file for the S3 bucket and add the following resource block to enable versioning. The versioning block inside aws_s3_bucket is deprecated since AWS provider v4 and cannot stand on its own; the aws_s3_bucket_versioning resource replaces it:

resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

Then run terraform plan and terraform apply.

To verify that versioning is enabled on the S3 bucket, check the bucket properties in the AWS Management Console or with the AWS CLI. The versioning status should show "Enabled" for the bucket.

That was all for today. If you have any queries or suggestions, please write them in the comments. See you another day with another challenge.

Ajay Patel

116 posts