AWS Classroom Series – 02/Jun/2021

AWS S3 bucket policy

  • A bucket policy is one of the options available for granting permissions to S3 resources.
  • A bucket policy is a JSON document.
  • Structure of a bucket policy (template; the keys are Action and Resource, each of which may be a single string or a list):
{
    "Version": "",
    "Id": "",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow|Deny",
            "Principal": {
                "AWS": "<ARN>"
            },
            "Action": [

            ],
            "Resource": [

            ]
        }
    ]
}
  • Refer Here for the Actions, resource types and condition keys
  • To create or edit a bucket policy: [console screenshots not reproduced]
  • Sample bucket policy
{
    "Version": "2012-10-17",
    "Id": "Policy1622605772735",
    "Statement": [
        {
            "Sid": "Stmt1622605767542",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::qts3inclass/contents/*",
                "arn:aws:s3:::qts3inclass/documents/*"
            ]
        }
    ]
}
  • Exercise:
    • Ensure you have a bucket with two folders
    • Create a bucket policy that allows all principals to access the objects in one folder and denies access to the objects in the other folder
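The exercise above, worked through as an added example (not code from the original post): the policy below allows everyone to read objects under one prefix and explicitly denies reads under the other, reusing the bucket name and prefixes from the sample policy. The small `evaluate` function is a simplified model of how S3 decides on a request (any matching explicit Deny wins, otherwise a matching Allow grants access, otherwise the request is implicitly denied), and `public_read_statements` flags the statements that make objects world-readable, which is the check to run before attaching any policy with `"Principal": "*"`. The requester ARNs and object keys used are constructed for the example.

```python
import fnmatch
import json

# Bucket and prefixes taken from the page's sample policy; the bucket is the
# one to allow public reads on contents/ and deny reads on documents/.
BUCKET = "qts3inclass"

EXERCISE_POLICY = {
    "Version": "2012-10-17",
    "Id": "ExerciseFolderPolicy",
    "Statement": [
        {
            "Sid": "AllowPublicReadContents",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/contents/*",
        },
        {
            "Sid": "DenyReadDocuments",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/documents/*",
        },
    ],
}


def _as_list(value):
    """Action, Resource and Principal.AWS may be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """Both "*" and {"AWS": "*"} mean 'every principal, signed or not'."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _principal_matches(principal, requester):
    if _is_anonymous(principal):
        return True
    if isinstance(principal, dict):
        return requester in _as_list(principal.get("AWS", []))
    return principal == requester


def _any_match(value, patterns):
    # IAM's '*' and '?' wildcards behave like shell globs here; note that '*'
    # also matches '/' so "bucket/contents/*" covers nested keys.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policy, requester, action, resource):
    """Simplified bucket-policy decision (no Condition keys, no IAM policies):
    returns "explicit deny", "allow" or "implicit deny"."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], requester):
            continue
        if not _any_match(action, stmt["Action"]):
            continue
        if not _any_match(resource, stmt["Resource"]):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit deny"  # a matching Deny overrides every Allow
        allowed = True
    return "allow" if allowed else "implicit deny"


def public_read_statements(policy):
    """Sids of Allow statements that grant s3:GetObject (or a wildcard that
    covers it) to every principal, i.e. the ones that publish objects."""
    return [
        stmt["Sid"]
        for stmt in policy["Statement"]
        if stmt["Effect"] == "Allow"
        and _is_anonymous(stmt["Principal"])
        and _any_match("s3:GetObject", stmt["Action"])
    ]


if __name__ == "__main__":
    print(json.dumps(EXERCISE_POLICY, indent=2))
    for key in ("contents/index.html", "documents/secret.pdf", "other.txt"):
        arn = f"arn:aws:s3:::{BUCKET}/{key}"
        print(key, "->", evaluate(EXERCISE_POLICY, "anonymous", "s3:GetObject", arn))
    print("public read statements:", public_read_statements(EXERCISE_POLICY))
```

The explicit Deny on `documents/*` is what the exercise asks for; without it, objects under `documents/` would already be unreachable to anonymous callers through the implicit deny, but the Deny guarantees that no later Allow (for example an over-broad `s3:*` statement added to the same policy) can quietly expose that folder.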

ACL

  • S3 ACLs enable us to manage access to buckets and objects.
  • Each bucket and object has an ACL attached to it as a subresource.
  • It defines which AWS accounts or groups are granted access.
  • Grantee: a grantee can be an AWS account or one of the predefined S3 groups.
  • Amazon S3 predefined groups:
    • Authenticated Users group
    • All Users group
    • Log Delivery group
  • ACL Permissions:
    • READ
    • WRITE
    • READ_ACP
    • WRITE_ACP
    • FULL_CONTROL
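An added example (not from the original post) that ties the grantee groups and the permission names above together: it takes an ACL in the shape that `aws s3api get-bucket-acl` and boto3's `get_bucket_acl` return and reports the grants that expose the bucket beyond its owner. The three group URIs are the real canonical identifiers of the predefined groups; the ACL document itself is constructed for the example, and the owner ID in it is a placeholder.

```python
# Canonical URIs of the three predefined S3 groups.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"

GROUP_NAMES = {
    ALL_USERS: "AllUsers",
    AUTHENTICATED_USERS: "AuthenticatedUsers",
    LOG_DELIVERY: "LogDelivery",
}

# Constructed sample ACL in the get-bucket-acl response shape (placeholder owner ID).
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE_ACP"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"},
    ],
}

# Grants server access logging actually needs on a log bucket.
LOG_DELIVERY_EXPECTED = {"WRITE", "READ_ACP"}


def risky_grants(acl):
    """Return (group, permission, reason) for every group grant that widens
    access beyond the bucket owner. Canonical-user grants are left alone;
    review those against your own account IDs separately."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        perm = grant["Permission"]
        if grantee.get("Type") != "Group":
            continue
        name = GROUP_NAMES.get(grantee.get("URI"), grantee.get("URI"))
        if name == "AllUsers":
            reason = "anyone on the internet, no AWS account needed"
        elif name == "AuthenticatedUsers":
            reason = "any AWS account, not only yours"
        elif name == "LogDelivery" and perm not in LOG_DELIVERY_EXPECTED:
            reason = "more than server access logging requires"
        else:
            continue
        if perm in ("WRITE_ACP", "FULL_CONTROL"):
            reason += "; can rewrite the ACL itself"
        findings.append((name, perm, reason))
    return findings


def is_public(acl):
    """True if the anonymous AllUsers group holds any permission on the bucket."""
    return any(name == "AllUsers" for name, _, _ in risky_grants(acl))


if __name__ == "__main__":
    for name, perm, reason in risky_grants(SAMPLE_ACL):
        print(f"{name:<20} {perm:<13} {reason}")
    print("public:", is_public(SAMPLE_ACL))
```

READ on AllUsers is the classic "public bucket" finding, but WRITE_ACP or FULL_CONTROL granted to either global group is the more serious one, because the holder can rewrite the ACL and grant themselves anything else; S3 Block Public Access, where enabled, overrides such grants, so the check is most useful on accounts that still rely on ACLs.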

AWS S3 CLI

  • To delete all the buckets one by one Refer Here

  • Using the AWS CLI to create a bucket with cross-region replication enabled

  • JSON and YAML tutorial Refer Here
