AWS Classroomnotes 18/Apr/2023

S3 Contd

S3 Bucket Policies

  • S3 has a resource based access policy which is referrd as s3 bucket policies
  • S3 has support of acl (access control list) where we can provide basic access levels such as
    • private
    • public-read
    • public-write
  • We can create s3 bucket policies using policy generator Refer Here
  • Lets create a bucket in s3
  • Consider the following bucket policy, which gives accces to all objects from a specific ip
{
  "Id": "Policy1681791649818",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1681791641953",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "49.205.254.230/32"
        }
      },
      "Principal": "*"
    }
  ]
}
  • Add the policy to S3 bucket


  • Upload some text/audio/video file into bucket. Try accessing the ipaddress gets access to a file
  • For others we get access denied.
  • Lets change the policy to
{
  "Id": "Policy1681791649818",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1681791641953",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "49.205.254.230/32"
        }
      },
      "Principal": "*"
    }
  ]
}
  • Now if we want to give access to specific aws user qtdevops
{
  "Id": "Policy1681791649818",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1681791641953",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],      
      "Principal": "arn:aws:iam::678879106782:user/qtdevops"
    }
  ]
}
  • Now if we want to give access to specific aws user devops
{
  "Id": "Policy1681791649818",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1681791641953",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],      
      "Principal": "arn:aws:iam::678879106782:group/devops"
    }
  ]
}
  • Exercise: Write a bucket policy to give access to all on your objects in a bucket
{
  "Id": "Policy1681791649818",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1681791641953",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::qtaccesspolicy", "arn:aws:s3:::qtaccesspolicy/*"],      
      "Principal": "*"
    }
  ]
}

Overview of Other Storage Types

  • Virtual Disks: This storage acts a disk to an ec2 instance. To Create Virtual Disks we have two options
    • Elastic Block Storage (EBS)
    • Instance-Store
  • Network Disks: To create network disks also we have two options
    • Elastic File Share (EFS)
    • FsX
  • EBS/Instance-Storage are disk storages which are used to serve one instance at a time, where as EFS/FsX are used to serve multiple machines over the network
  • Disk Technologies
    • Magnetic
    • Hard Disk Drives (HDD)
    • Solid State Drives (SSD)
  • Important factors of Disk
    • Size
    • Speed
  • Performance of the disks are measured using
    • IOPS
    • Throughput
Published
Categorized as Uncategorized Tagged

By continuous learner

devops & cloud enthusiastic learner

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Animated Social Media Icons by Acurax Responsive Web Designing Company

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Exit mobile version
%%footer%%