S3 Contd
S3 Bucket Policies
- S3 has a resource-based access policy, which is referred to as an S3 bucket policy
- S3 also supports ACLs (access control lists), where we can provide basic access levels such as
  - private
  - public-read
  - public-write
- We can create S3 bucket policies using the policy generator Refer Here
- Let's create a bucket in S3
- Consider the following bucket policy, which gives access to all objects from a specific IP
{
"Id": "Policy1681791649818",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1681791641953",
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
"Condition": {
"IpAddress": {
"aws:SourceIp": "49.205.254.230/32"
}
},
"Principal": "*"
}
]
}
- Add the policy to the S3 bucket
- Upload some text/audio/video file into the bucket and try accessing it. The IP address in the policy gets access to the file
- For others we get access denied.
- Let's change the policy to use NotIpAddress, which allows access from every address except the specified IP
{
"Id": "Policy1681791649818",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1681791641953",
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "49.205.254.230/32"
}
},
"Principal": "*"
}
]
}
- Now if we want to give access to a specific AWS user, qtdevops
{
"Id": "Policy1681791649818",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1681791641953",
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
"Principal": {"AWS": "arn:aws:iam::678879106782:user/qtdevops"}
}
]
}
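- Now if we want to give access to a specific AWS group, devops. Note that S3 rejects a bucket policy whose Principal is an IAM group; group members get access through an identity-based policy attached to the group instead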
{
"Id": "Policy1681791649818",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1681791641953",
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
"Principal": "arn:aws:iam::678879106782:group/devops"
}
]
}
- Exercise: Write a bucket policy that gives everyone access to all of your objects in a bucket
{
"Id": "Policy1681791649818",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1681791641953",
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
"Principal": "*"
}
]
}
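As an added example (not part of the original notes), the Python check below flags the risky patterns that appear in the policies above: a `*` principal with no condition, `Allow` combined with `NotIpAddress`, `s3:*` actions, and principals S3 will not accept. The function names and finding codes are made up for this example, and treating any condition other than `NotIpAddress` as a restriction is a simplifying assumption.

```python
import json

def as_list(value):
    """IAM policy JSON allows a scalar wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def audit_statement(stmt):
    """Return sorted finding codes for one statement of a bucket policy."""
    if stmt.get("Effect") != "Allow":
        return []
    principal = stmt.get("Principal")
    wrapped = isinstance(principal, dict)   # e.g. {"AWS": "arn:..."}
    values = principal.values() if wrapped else [principal]
    names = [n for v in values for n in as_list(v) if isinstance(n, str)]
    cond = stmt.get("Condition") or {}
    findings = set()
    if "*" in names:
        if "NotIpAddress" in cond:
            # Allow + NotIpAddress admits every address except the listed ones.
            findings.add("PUBLIC_EXCEPT_LISTED_IPS")
        elif not cond:
            findings.add("PUBLIC")
    for name in names:
        if name != "*" and not wrapped:
            findings.add("PRINCIPAL_NOT_WRAPPED")  # must be {"AWS": "<arn>"}
        if ":group/" in name:
            findings.add("GROUP_PRINCIPAL")  # IAM groups are not valid principals
    if any(a in ("*", "s3:*") for a in as_list(stmt.get("Action", []))):
        findings.add("ALL_ACTIONS")  # includes delete and policy changes
    return sorted(findings)

def audit_policy(policy_json):
    """Map each statement's Sid (or index) to its findings."""
    doc = json.loads(policy_json)
    return {s.get("Sid", i): audit_statement(s)
            for i, s in enumerate(as_list(doc["Statement"]))}

def sample(principal, condition=None):
    """Constructed input modelled on the policies in these notes."""
    stmt = {"Sid": "S1", "Effect": "Allow", "Action": "s3:*", "Principal": principal,
            "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"]}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    ip = {"aws:SourceIp": "49.205.254.230/32"}
    for p, c in [("*", {"IpAddress": ip}), ("*", {"NotIpAddress": ip}), ("*", None),
                 ("arn:aws:iam::678879106782:group/devops", None)]:
        print(p, c, audit_policy(sample(p, c))["S1"])
```

Replacing `s3:*` with only the actions needed (for example `s3:GetObject` on the object ARN) clears the `ALL_ACTIONS` finding.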
Overview of Other Storage Types
- Virtual Disks: This storage acts as a disk for an EC2 instance. To create virtual disks we have two options
  - Elastic Block Storage (EBS)
  - Instance-Store
- Network Disks: To create network disks we also have two options
  - Elastic File Share (EFS)
  - FSx
- EBS/Instance-Store are disk storages that serve one instance at a time, whereas EFS/FSx serve multiple machines over the network
- Disk Technologies
  - Magnetic
  - Hard Disk Drives (HDD)
  - Solid State Drives (SSD)
- Important factors of a disk
  - Performance of a disk is measured using
    - IOPS
    - Throughput
