Day 35: Deep dive into S3 bucket (part 2)

Day 35: Deep dive into S3 bucket (part 2)

#90daysofdevops

·

5 min read

ūüöÄ Introduction

In this blog we will discuss S3 bucket in deep, What is S3 bucket, Advantages of S3 buckets, What is Versioning, Static website hosting, What is storage class, etc.


What is S3?

  • S3 stands for simple storage service.

  • It is a storage service

  • Highly scalable

  • Highly available

  • Secure

  • Perfromance

  • Cost effective

-It allows you to store & retrieve any amount of data anywhere on the web.

-Amazon S3 is like a virtual storage space on the internet. You can store and retrieve data (like files or images) from anywhere. It's often used for things like storing backups, hosting files, or managing data for web applications.


What can you store in S3?

  • S3 service allows you to create buckets in which you can store anything like pictures, videos, file/folder, excel sheet/report.

What is Global service?

  • Object in S3 are globally accessible.

What is Object?

  • Object is nothing but whatever you put in S3 bucket is Object.

Advantages of S3:

  • Availability & Durability

  • Scalability

  • Security

  • Cost effective

  • Performance

  • 99.99999999999 reliability (in short we call ninety nine point eleven nine)


What is Scalability?

  • Store almost unlimited data in a single bucket. However one object should not be more than 5TB.

Tip: Choose multipart uploads to upload an object if the size of the object is huge.


Security?

  • S3 provides bucket policies, access control, and encryption settings are appropriately configured.

  • Encrypt data at rest using server-side encryption options provided by S3. Additionally, enable encryption in transit by using SSL/TLS for data transfers.

  • Enable access logging to capture detailed records of requests made to your S3 bucket. Monitor access logs and configure alerts to detect any suspicious activities or unauthorized access attempts.

  • S3 provides features and configurations to assist with compliance requirements, such as enabling Object Lock for data immutability, managing legal holds, and integrating with AWS CloudTrail for audit trails.


Cost effective:

  • It depends on the storage class that you use


Static web hosting:

  • Static web hosting means hosting websites where the content doesn't change unless you update it manually. It's simpler and often faster because it serves pre-made pages without generating content on-the-fly. Examples include Amazon S3 & GitHub Pages.

Bucket permissions:

  • These permissions control who can perform actions on the objects (files) within the bucket. -Permissions can include actions like read, write, and delete.

Commonly, you set bucket permissions to define which users or services can access or modify the data stored in that bucket. Permissions are often managed through policies and access control lists (ACLs).


ACLs:

  • ACLs stands for access control lists

  • ACLs are used to specify who can access and perform specific actions on individual objects within a bucket. ACLs typically include rules for specific users or predefined groups and define permissions like read, write, and delete.

  • Access Control Lists (ACLs) are like a set of rules for files or objects, saying who can do what. In services like Amazon S3, they help decide which users or groups can read, write, or delete specific files in a storage bucket.


Versioning in S3 buckets

Versioning in an S3 bucket allows you to keep multiple variants of an object in the same bucket. It keeps track of changes to files, so you can go back to earlier versions if needed.This helps with data protection and recovery. Enable versioning to maintain multiple versions of an object.


Storage Classes in S3

In Amazon S3, there are several storage classes designed for different use cases:

  1. Standard: Provides high durability and availability, suitable for frequently accessed data.

  2. Standard-IA (Infrequent Access): Lower cost compared to Standard, ideal for data accessed less frequently but requires rapid access when needed.

  3. One Zone-IA: Similar to Standard-IA but stores data in a single Availability Zone, reducing costs further.

  4. Intelligent-Tiering: Automatically moves objects between Standard and IA based on access patterns, optimizing costs.

  5. Glacier: Used for long-term archive storage with lower costs but longer retrieval times.

  6. Glacier Deep Archive: The lowest cost storage class for long-term retention and archiving of data that is accessed rarely.

Each class offers different combinations of cost, availability, durability, and retrieval time to suit varying data storage needs.

https://zesty.co/wp-content/uploads/2022/04/amazon-s3-aws-storage-classes.png

https://secureservercdn.net/160.153.138.177/3d9.249.myftpupload.com/wp-content/uploads/2020/02/S3-Storage-Classes-v2.png


What is JSON

  • JSON stands for JavaScript Object Notation

  • JSON is a lightweight format for storing and transporting data

  • JSON is often used when data is sent from a server to a web page

  • JSON is "self-describing" and easy to understand

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<your-bucket-name>",
            "Condition": {
                "StringNotEquals": {
                    "aws:PrincipalArn": "arn:aws:iam::AWS_ACCOUNT_ID:root"
                }
            }
        }
    ]
}

This JSON represents an AWS S3 bucket policy. Let's break down what each part of this policy does:

  • "Version": "2012-10-17": Specifies the version of the policy language being used.

  • "Statement": [...]: Contains one or more statements defining the permissions for the S3 bucket.

    • "Sid": "AllowUser": A unique identifier for the statement. In this case, it's named "AllowUser".

    • "Effect": "Deny": Specifies that the actions specified in this statement are explicitly denied.

    • "Principal": "*": Specifies that the statement applies to all principals (users, roles, or AWS services).

    • "Action": "s3:*": Specifies that all S3 actions are affected by this statement.

    • "Resource": "arn:aws:s3:::mydevobucket": Specifies the ARN (Amazon Resource Name) of the bucket to which the policy applies.

    • "Condition": {...}: Specifies conditions under which the policy statement is enforced.

    • "StringNotEquals": {...}: Specifies a condition that must be met for the statement to be enforced.

    • "aws:PrincipalArn": "arn:aws:iam::025216262002:root": Specifies that the principal's ARN (Amazon Resource Name) must not equal the specified value for the statement to be enforced. In this case, the statement denies access to the bucket for all principals except the root user with the specified ARN.

In summary, this policy denies all actions ("s3:*") on the S3 bucket "mydevobucket" for all principals except for the root user with the specified ARN ("arn:aws:iam::025216262002:root").

For hosting a static website edit bucket policy like given below

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<your-bucket-name>/*"
        }
    ]
}

Thanks for reading to the end; I hope you gained some knowledge.‚̧ԳŹūüôĆ

Linkedln

Twitter

Github