Day 67: AWS S3 Bucket Creation and Management using terraform

AWS S3 Bucket

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, hosting static websites, and more.

In this task, you will learn how to create and manage S3 buckets in AWS.

Task

1. Create an S3 bucket using Terraform.

resource "aws_s3_bucket" "my_bucket" {
? bucket = "day67taskbucket0304"
}        

The aws_s3_bucket resource creates a new S3 bucket.

my_bucket is a unique identifier for this resource that can be used in other parts of your Terraform code. You can use a different name for this identifier if you prefer.

Run the?terraform init?command to initialize the working directory and download the required providers.

It will create an execution plan by analyzing the changes required to achieve the desired state of your infrastructure with?terraform plan

Finally, it will apply the changes to create or update resources as needed with?terraform apply.

S3 bucket successfully created.

2. Configure the bucket to allow public read access.

resource "aws_s3_bucket_acl" "bucket_acl" {
? bucket = aws_s3_bucket.my_bucket.id
? acl? ? = "public-read"
}        

To allow public read access to the S3 bucket, the code creates an ACL (access control list) resource using the "aws_s3_bucket_acl" resource type. The resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" using the "bucket" parameter. The "acl" parameter is set to "public-read", which allows public read access to the bucket.

Run terraform apply

Bucket is publicly accessible.

3. Enable versioning on the S3 bucket.

The versioning block is included, with enabled set to true. This enables versioning on the S3 bucket, which will keep multiple versions of each object stored in the bucket.

Bucket Versioning is Enabled.

4. Create an S3 bucket policy that allows read-only access to a specific IAM user.

resource "aws_s3_bucket_policy" "bucket_policy" {
? bucket = aws_s3_bucket.my_bucket.id
? policy = data.aws_iam_policy_document.allow_read_only_access.json
}


data "aws_iam_policy_document" "allow_read_only_access" {
? statement {
? ? principals {
? ? ? type? ? ? ? = "AWS"
? ? ? identifiers = ["683633011377"]
? ? }

    actions = [
? ? ? "s3:GetObject",
? ? ? "s3:ListBucket",
? ? ]

    resources = [
? ? ? aws_s3_bucket.my_bucket.arn,
? ? ? "${aws_s3_bucket.my_bucket.arn}/*",
? ? ]
? }
}
        

To provide read-only access to a specific IAM user or role, the code creates an S3 bucket policy resource using the "aws_s3_bucket_policy" resource type. The resource is associated with the S3 bucket resource "aws_s3_bucket.my_bucket" using the "bucket" parameter. The "policy" parameter is set to the Terraform data source "data.aws_iam_policy_document.allow_read_only_access.json", which defines the policy document.

The policy document is created using the "data" block, which creates a Terraform data source.

The data source "aws_iam_policy_document.allow_read_only_access" defines a policy document that allows read-only access to the S3 bucket for a specific IAM user or role. The policy document is specified using JSON syntax.

The policy document has a single "statement" block, which defines the permissions to grant. The statement grants the "s3:GetObject" and "s3:ListBucket" permissions for the specified bucket and bucket objects. The "principals" block specifies the AWS user or role to which the permissions are granted. In this case, the "identifiers" field specifies the AWS account ID of the user or role to which read-only access is granted.

Run terraform apply

S3 bucket policy is created that allows read-only access to a specific IAM user.

Thank you for reading!