Unleash the AWS Magic: A Thrilling Adventure into S3 Bucket Mastery with Terraform! Day - 67


Introduction: Amazon Simple Storage Service (S3) is a fundamental building block of Amazon Web Services (AWS) that provides scalable, durable object storage; how secure a bucket is depends entirely on how it is configured. In this blog post, we will look at AWS S3 buckets and how to create, configure, and manage them using Terraform. Specifically, we'll walk through creating an S3 bucket, configuring public read access (and what that actually exposes), implementing a read-only bucket policy for a specific IAM user or role, and enabling versioning for recovery from overwrites and deletes.

Creating an S3 Bucket with Terraform

Terraform is an Infrastructure as Code (IaC) tool that enables you to define and provision AWS infrastructure in a declarative manner. Let's start by creating an S3 bucket using Terraform.

resource "aws_s3_bucket" "my_bucket" {
  bucket = "your-unique-bucket-name"
}

Replace "your-unique-bucket-name" with a globally unique bucket name. The region is not set on the bucket resource; it comes from the provider block (provider "aws" { region = "your_preferred_region" }), so replace "your_preferred_region" there.

Configuring Public Read Access

The classic way to allow public reads was to set the bucket ACL (Access Control List) to "public-read". Be precise about what that grants: a bucket ACL of public-read lets the AllUsers group list the bucket, and objects become readable only where object ACLs or a bucket policy also allow it. Two defaults on every bucket created since April 2023 make the ACL approach fail outright: Object Ownership is BucketOwnerEnforced (ACLs are disabled) and S3 Block Public Access is on. With AWS provider v4 and later the ACL is also set through a separate aws_s3_bucket_acl resource rather than an argument on the bucket. Treat any public setting as a reviewed exception; openly readable buckets are one of the most common causes of cloud data exposure.

# Only applies if object ownership is not BucketOwnerEnforced and
# block_public_acls is false on the bucket; otherwise the apply fails.
resource "aws_s3_bucket_acl" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}
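As an added example (not code from the original post), here is the configuration a reviewer would expect for a bucket created today, with the two defaults that break "public-read" handled explicitly instead of being fought. The make_public local is an assumption for illustration: leave it false unless the bucket is genuinely meant for anonymous readers. When it is, the grant is a bucket policy scoped to s3:GetObject rather than an ACL, and only the two policy-related Block Public Access guards are relaxed; ACL-based public access stays blocked. Assumes AWS provider v4 or later.

```hcl
# Added example, not from the original post. Assumes AWS provider >= 4.0.
locals {
  # Hypothetical toggle: flip to true only for a reviewed, intentionally public bucket.
  make_public = false
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "your-unique-bucket-name"
}

# New buckets default to BucketOwnerEnforced, which disables ACLs entirely.
# Keeping that default means public access can only come from a bucket policy,
# which is one place to audit instead of one ACL per object.
resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Block Public Access: all four guards stay on for a private bucket. For the
# public case only the policy-related guards are relaxed; public ACLs remain
# blocked and ignored regardless of the toggle.
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = !local.make_public
  restrict_public_buckets = !local.make_public
}

# Anonymous read of objects, created only when make_public is true.
# Scope is s3:GetObject on objects; no s3:ListBucket, so the key space
# cannot be enumerated by outsiders.
resource "aws_s3_bucket_policy" "public_read" {
  count  = local.make_public ? 1 : 0
  bucket = aws_s3_bucket.my_bucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource  = "${aws_s3_bucket.my_bucket.arn}/*"
      }
    ]
  })

  # S3 rejects a public policy while block_public_policy is still true,
  # so the guard must be relaxed before the policy is attached.
  depends_on = [aws_s3_bucket_public_access_block.my_bucket]
}
```

With make_public left false, terraform plan shows no aws_s3_bucket_policy at all, which is what an auditor wants to see for a private bucket. If the account-level S3 Block Public Access setting (aws_s3_account_public_access_block) is on, it overrides the bucket-level guards and the public policy is still refused; that is the intended behaviour, and a public bucket then needs an explicit exception at account level as well.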

Creating an S3 Bucket Policy

Next, let's create a bucket policy that grants read-only access to a specific IAM user or role. Adjust the following example according to your specific requirements.

resource "aws_s3_bucket_policy" "my_bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
      },
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    }
  ]
}
EOF
}

Replace "ACCOUNT_ID" with the actual AWS account ID and "ROLE_NAME" with the role that should be able to read (for a single user, use arn:aws:iam::ACCOUNT_ID:user/USER_NAME). Note that the widely copied principal arn:aws:iam::ACCOUNT_ID:root is not a single identity: it delegates to the whole account, so every IAM user or role in that account whose identity policy also allows s3:GetObject can read the objects. Use a user or role ARN when the intent is one principal. When the principal lives in a different account from the bucket owner, its own identity policy must also grant s3:GetObject; cross-account access needs an allow on both sides. The Resource uses the bucket's ARN attribute so it cannot drift from the bucket name, and "/*" means objects only; listing the bucket would need a separate s3:ListBucket grant on the bucket ARN itself.

Enabling Versioning

Enabling versioning keeps every version of every object written to the bucket, so an accidental or malicious overwrite or delete can be undone by restoring an earlier version. It is a recovery control, not an access control: a principal allowed s3:DeleteObjectVersion can still remove the history, so pair it with MFA delete or Object Lock where that matters. Once enabled, versioning can be suspended but never switched off. With AWS provider v4 and later it is configured through a separate aws_s3_bucket_versioning resource rather than an inline block on the bucket:

resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

With versioning enabled, an overwrite stores a new version alongside the old one, and a delete request without a version ID adds a delete marker on top of the current version rather than removing any data. The earlier versions stay retrievable until they are deleted explicitly by version ID or expired by a lifecycle rule, which is why a versioned bucket needs a retention rule as well as the versioning switch.
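Pulling the bucket policy and versioning steps together, here is an added example (not the original post's code) of the private variant of this bucket: read-only access for exactly one IAM role, a deny that refuses plaintext HTTP from any principal, versioning enabled through its own resource, and a lifecycle rule so old versions do not accumulate cost indefinitely. The account ID placeholder, the role name "reader" and the 90-day retention are assumptions; Block Public Access is left at its default (all guards on), so the only read path is the named role. Assumes AWS provider v4 or later.

```hcl
# Added example, not from the original post. Assumes AWS provider >= 4.0.
locals {
  account_id = "ACCOUNT_ID" # placeholder: the account that owns the reader role
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "your-unique-bucket-name"
}

resource "aws_s3_bucket_policy" "my_bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Read-only for one role, not the account root:
        # ListBucket needs the bucket ARN, GetObject needs the object ARNs.
        Sid       = "ReaderRoleReadOnly"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${local.account_id}:role/reader" }
        Action    = ["s3:GetObject", "s3:ListBucket"]
        Resource  = [aws_s3_bucket.my_bucket.arn, "${aws_s3_bucket.my_bucket.arn}/*"]
      },
      {
        # Applies to every principal, including the bucket owner: refuse plaintext HTTP.
        # A Deny with Principal "*" is not treated as a public policy by Block Public
        # Access, so it attaches fine with all four guards still on.
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource  = [aws_s3_bucket.my_bucket.arn, "${aws_s3_bucket.my_bucket.arn}/*"]
        Condition = { Bool = { "aws:SecureTransport" = "false" } }
      }
    ]
  })
}

resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

# A versioned bucket keeps every overwritten and deleted object until told otherwise.
# Expire noncurrent versions after 90 days (assumed retention) and remove delete
# markers that no longer hide any version, so the recovery window is bounded and
# so is the storage bill.
resource "aws_s3_bucket_lifecycle_configuration" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id

  # Rules on noncurrent versions only make sense once versioning is on.
  depends_on = [aws_s3_bucket_versioning.my_bucket]

  rule {
    id     = "expire-old-versions"
    status = "Enabled"

    # Empty filter: the rule applies to every key in the bucket.
    filter {}

    noncurrent_version_expiration {
      noncurrent_days = 90
    }

    expiration {
      expired_object_delete_marker = true
    }
  }
}
```

The 90-day window is the trade-off to make explicit in review: it is how long a mistaken overwrite or delete remains recoverable, and anything shorter than your incident-detection time is not much of a safety net. The transport deny is worth keeping even on a private bucket, since it costs nothing and turns an accidental http:// client into a visible AccessDenied rather than a silent plaintext transfer.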

Conclusion:

Congratulations! You have successfully created an S3 bucket, configured public read access, implemented a read-only bucket policy, and enabled versioning using Terraform. This robust foundation in AWS S3 bucket management will serve you well as you continue to build and scale your cloud infrastructure. Feel free to explore additional S3 features and customize your configuration to meet the unique requirements of your projects. Happy coding!
