AWS S3 Bucket Creation and Management


Hello Cloud enthusiasts!

Today, let’s dive deep into creating and managing our AWS S3 buckets using the magic wand known as Terraform!

Why Terraform? 🤔

Well, as many of you know, Terraform is an open-source tool that lets you define and provision data center infrastructure using a declarative configuration language. It's like writing out your cloud dreams on paper and watching them come to life!

Setting Up 🚀

Before we ride the Terraform train, ensure:

  1. You have an AWS account

  2. Terraform is installed

  3. Your AWS credentials are set up (via the AWS CLI or environment variables)

Task 1 : Write your Terraform Configuration to Create S3 Bucket - Private

Here we are creating an S3 bucket that is visible and accessible only to you, that is, a private bucket.

Let us write the main.tf file, starting with the provider and then the S3 resource, as below.

#provider
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # You can change this to your preferred region
}

#resource for S3
resource "aws_s3_bucket" "my_bucket" {
  bucket = "bucket-by-terraform" # bucket names are global; pick one nobody else has taken
}

# New buckets have ACLs disabled (BucketOwnerEnforced). Re-enable them before an ACL can be set.
resource "aws_s3_bucket_ownership_controls" "my_bucket_ownership" {
  bucket = aws_s3_bucket.my_bucket.id
  rule { object_ownership = "BucketOwnerPreferred" }
}

# The inline acl argument on aws_s3_bucket is deprecated in provider 4.x/5.x;
# the ACL gets its own resource. A new bucket is already private (Block Public
# Access is on and no public grants exist), so this makes the intent explicit.
resource "aws_s3_bucket_acl" "my_bucket_acl" {
  depends_on = [aws_s3_bucket_ownership_controls.my_bucket_ownership]
  bucket     = aws_s3_bucket.my_bucket.id
  acl        = "private" # private bucket: visible and accessible only to you
}

Initialize, Plan and Apply! 🚦

Run the following commands:

terraform init
terraform validate
terraform plan
terraform apply

💡 init sets up the necessary plugins. 💡 validate checks your configuration syntax. 💡 plan gives a preview of what Terraform will do. 💡 apply makes it all happen!

You have an S3 bucket up and running! 🚀


Task 2 : Create a bucket that is publicly accessible

Now, there are a few scenarios where we need our bucket to be publicly accessible.

To do that, add the following to your main.tf file.

To give the bucket public read access, set the bucket's ACL to public-read: that ACL lets anyone read the bucket's objects, while only the bucket owner has write access.

resource "aws_s3_bucket" "my_public_bucket" {
  bucket = "terraform-kshitija1111" # unique bucket name
}
# Block Public Access is on by default for new buckets; switch it off for this bucket
resource "aws_s3_bucket_public_access_block" "public_access" {
  bucket = aws_s3_bucket.my_public_bucket.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}
# New buckets have ACLs disabled (BucketOwnerEnforced); re-enable them before applying public-read
resource "aws_s3_bucket_ownership_controls" "public_ownership" {
  bucket = aws_s3_bucket.my_public_bucket.id
  rule { object_ownership = "BucketOwnerPreferred" }
}
resource "aws_s3_bucket_acl" "public_acl" {
  depends_on = [aws_s3_bucket_ownership_controls.public_ownership, aws_s3_bucket_public_access_block.public_access]
  bucket     = aws_s3_bucket.my_public_bucket.id
  acl        = "public-read" # anyone can read objects; only the owner can write
}

Then run terraform apply, and voila! 🎉 A bucket with the above unique name is created. After completing these steps, your S3 bucket is configured with public access. Remember that this means anyone on the internet can read the objects in the bucket, so be cautious about what data you store there.
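For the same goal, a bucket policy is usually preferable to a public ACL: it keeps ACLs disabled, so nobody can later make individual objects public by accident, and it can grant read of objects without letting anyone list the bucket. The following is an added example, not code from the original post; the resource and bucket names are assumptions chosen for illustration.

```hcl
# Added example (not from the original post): anonymous read of objects via a
# bucket policy instead of a public ACL. Resource and bucket names are assumed.
resource "aws_s3_bucket" "policy_public_bucket" {
  bucket = "terraform-public-policy-example" # assumed name; must be globally unique
}

# Keep ACLs disabled entirely (the default for new buckets), so access cannot
# be widened per object later on.
resource "aws_s3_bucket_ownership_controls" "policy_public_ownership" {
  bucket = aws_s3_bucket.policy_public_bucket.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Relax only the two Block Public Access settings that concern bucket policies;
# public ACLs stay blocked and ignored.
resource "aws_s3_bucket_public_access_block" "policy_public_access" {
  bucket = aws_s3_bucket.policy_public_bucket.id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = false
  restrict_public_buckets = false
}

# Anonymous principals may fetch objects but may not list the bucket, so an
# object is reachable only by someone who already knows its key.
resource "aws_s3_bucket_policy" "policy_public_read" {
  bucket = aws_s3_bucket.policy_public_bucket.id
  # The public policy is accepted only after the public access block is relaxed.
  depends_on = [aws_s3_bucket_public_access_block.policy_public_access]

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = ["s3:GetObject"]
        Resource  = "${aws_s3_bucket.policy_public_bucket.arn}/*"
      }
    ]
  })
}
```

Note the split of the four Block Public Access flags: only block_public_policy and restrict_public_buckets are turned off, and the policy grants s3:GetObject alone, not s3:ListBucket. Account-level Block Public Access, if enabled, still overrides these bucket-level settings.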

Task 3 : Enable versioning on the S3 bucket.

Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently. The delete marker becomes the current object version.

We just need to enable versioning on the bucket in the main.tf file.

# The inline versioning block on aws_s3_bucket is deprecated in provider 4.x/5.x;
# versioning is configured with its own resource that references the bucket
resource "aws_s3_bucket_versioning" "my_bucket_versioning" {
  bucket = aws_s3_bucket.my_bucket.id
  versioning_configuration {
    status = "Enabled" # every overwrite or delete keeps the previous version
  }
}

Task 4 : Create an S3 bucket policy that allows read-only access to a specific IAM user or role.

provider "aws" {
  region = "us-east-1" # Replace with your desired AWS region
}

resource "aws_s3_bucket" "example_bucket" {
  bucket = "my-s3-bucket-terrafrom" # Replace with your desired bucket name
}

resource "aws_iam_user" "example_user" {
  name = "my-s3-user" # Replace with your desired IAM user name
}

resource "aws_s3_bucket_policy" "example_bucket_policy" {
  bucket = aws_s3_bucket.example_bucket.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action   = [
          "s3:GetObject",
          "s3:ListBucket"
        ],
        Effect   = "Allow",
        Resource = [
          "${aws_s3_bucket.example_bucket.arn}/*",
          aws_s3_bucket.example_bucket.arn,
        ],
        Principal = {
          AWS = "arn:aws:iam::YOUR_ACCOUNT_ID:user/my-s3-user" # Replace YOUR_ACCOUNT_ID with your account ID, or reference aws_iam_user.example_user.arn
        },
      },
    ],
  })
}

In this configuration:

  1. We define an S3 bucket using aws_s3_bucket.

  2. We create an IAM user using aws_iam_user.

  3. We define an S3 bucket policy using aws_s3_bucket_policy that allows both s3:GetObject and s3:ListBucket on the bucket's objects and on the bucket itself. Make sure to replace the bucket name with your actual bucket name and provide the IAM user's ARN under the Principal field.

After running terraform apply, the specified IAM user has permission to get and list objects in that S3 bucket. Ensure you replace YOUR_ACCOUNT_ID with your AWS account ID (or reference aws_iam_user.example_user.arn directly) and adapt the resource names and other details to your requirements.
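The task heading mentions an IAM role as well as a user. The following is an added example, not code from the original post, that grants the same read-only access to a role and adds the one statement practitioners usually want alongside it: an explicit deny of requests that do not use TLS, which applies to every principal, the bucket owner included. The resource names, bucket name and the role's trust of the EC2 service are assumptions for illustration.

```hcl
# Added example (not from the original post): read-only access for an IAM role,
# plus a deny of unencrypted transport. Names and the trust policy are assumed.
resource "aws_s3_bucket" "reader_bucket" {
  bucket = "terraform-role-reader-example" # assumed name; must be globally unique
}

resource "aws_iam_role" "reader_role" {
  name = "s3-read-only-role" # assumed name
  # Trusting EC2 is only an illustration; trust whichever service or account
  # will actually assume the role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_s3_bucket_policy" "reader_bucket_policy" {
  bucket = aws_s3_bucket.reader_bucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # ListBucket applies to the bucket ARN, GetObject to the objects under it.
        Sid       = "AllowRoleReadOnly"
        Effect    = "Allow"
        Principal = { AWS = aws_iam_role.reader_role.arn }
        Action    = ["s3:GetObject", "s3:ListBucket"]
        Resource = [
          aws_s3_bucket.reader_bucket.arn,
          "${aws_s3_bucket.reader_bucket.arn}/*",
        ]
      },
      {
        # An explicit Deny wins over any Allow, so this covers the reader role
        # and the bucket owner alike.
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.reader_bucket.arn,
          "${aws_s3_bucket.reader_bucket.arn}/*",
        ]
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      }
    ]
  })
}
```

Referencing aws_iam_role.reader_role.arn instead of a hand-written ARN also makes Terraform create the role before the policy, so the apply does not fail on a principal that does not exist yet.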

The following things are created!

1) S3 bucket named my-s3-bucket-terrafrom (see its Permissions tab)

The bucket policy contains exactly the configuration written in the main.tf file.

I will be adding a random file to this S3 bucket from my root user.

2) IAM user my-s3-user (enable console access so you can log in as this user)

Log in as this user and copy the URL of the S3 bucket as shown below.

This is how a particular user can access your S3 bucket data once the right permissions are assigned.

Task 5 : Clean Up 🧹

Don’t want the bucket anymore? Terraform’s got you:

terraform destroy

And just like that, it’s gone! ⏳➡️⌛

Wrap Up 🎁

Terraform's beauty lies in its simplicity, repeatability, and the ease with which you can manage infrastructures. S3 buckets are just the tip of the iceberg. Dive deeper and explore a vast ocean of cloud possibilities with Terraform! 🌊🚒

Stay curious and happy terraforming! 🌍🤖
