Day 67 of #90daysofdevops
Hey Techies! Welcome to this blog
In this blog, we are going to start with AWS S3 Bucket Creation and Management using Terraform.
First, let's learn about S3 buckets.
Amazon Simple Storage Service (S3) is object storage that is managed and accessed over the Internet. It exposes a web service API for storing and retrieving an unlimited amount of data. The bucket namespace is global (a bucket name must be unique across all AWS accounts), while each bucket itself is created in a specific region.
Amazon Web Services (AWS) S3 is built to store and retrieve any amount of data from anywhere, and it is known as a stable, durable and highly scalable online storage solution.
Before you start managing your S3 bucket, make sure you have Terraform installed on your local machine. You can download Terraform from terraform.io and follow the installation instructions.
Once installed, create a new directory for your Terraform configuration files and navigate to it in your terminal.
mkdir s3-terraform
cd s3-terraform
Task
Create an S3 bucket using Terraform.
First, create a provider file named provider.tf. Keeping the provider configuration in its own file is a best practice.
#provider.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}
Create a new file named main.tf in your project directory. This file will contain the Terraform configuration for your S3 bucket.
#main.tf
resource "aws_s3_bucket" "my_bucket" {
  # Replace with your desired bucket name: lowercase letters, digits, dots and hyphens only
  bucket = "my-unique-bucket-name"
}

# ACLs are disabled on new buckets; BucketOwnerPreferred re-enables them so the ACL below can be applied
resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# New buckets get Block Public Access enabled by default; all four flags must be false
# for a public ACL or public bucket policy to be accepted
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "my_bucket" {
  depends_on = [
    aws_s3_bucket_ownership_controls.my_bucket,
    aws_s3_bucket_public_access_block.my_bucket
  ]
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}
Replace "my-unique-bucket-name" with a globally unique name for your S3 bucket. The acl attribute is set to "public-read" to allow public read access. Because new buckets have Block Public Access enabled by default, the aws_s3_bucket_public_access_block resource sets all four flags to false so that the public ACL is accepted; with these settings in place, every object in the bucket is readable by anyone on the Internet.
Configure the bucket to allow public read access.
In the same main.tf file, add the following code to configure public read access for your S3 bucket.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "kritikabuckkkk" # Replace with your desired bucket name
}

resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Must stay in the configuration: on a fresh bucket the public ACL and the public
# bucket policy below are rejected while Block Public Access is still on
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "my_bucket" {
  depends_on = [
    aws_s3_bucket_ownership_controls.my_bucket,
    aws_s3_bucket_public_access_block.my_bucket
  ]
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}

# Bucket policy: Principal "*" means anonymous (unauthenticated) requests are allowed
resource "aws_s3_bucket_policy" "public_access" {
  depends_on = [aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  policy     = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    }
  ]
}
EOF
}
This block creates an S3 bucket policy allowing public read access to the objects in your bucket. The policy grants only s3:GetObject on objects under the bucket ARN; listing the bucket or writing to it is not permitted by this statement.
Create an S3 bucket policy that allows read-only access to a specific IAM user or role.
Enable versioning on the S3 bucket.
To create a policy that allows read-only access to a specific IAM user or role, and to enable versioning, add the following code to your main.tf file.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-bucket-name" # Replace with your desired bucket name
}

# Versioning is configured with its own resource in AWS provider v4+ (the inline
# "versioning" block on aws_s3_bucket is deprecated)
resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Required while the bucket is intended to be public; otherwise the public ACL and
# the "*" statement in the bucket policy are rejected by Block Public Access
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "my_bucket" {
  depends_on = [
    aws_s3_bucket_ownership_controls.my_bucket,
    aws_s3_bucket_public_access_block.my_bucket
  ]
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}

resource "aws_iam_user" "my_user" {
  name = "s3-read-only-user" # Change this to your IAM user name
}

# A bucket has exactly one policy document, so both statements live in a single
# aws_s3_bucket_policy resource; two such resources on one bucket would overwrite each other
resource "aws_s3_bucket_policy" "my_bucket" {
  depends_on = [aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  policy     = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    },
    {
      "Sid": "IamUserReadOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${aws_iam_user.my_user.arn}"
      },
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    }
  ]
}
EOF
}
This code creates an IAM user named "s3-read-only-user" and adds a bucket policy statement that grants that user read-only (s3:GetObject) access to the objects; the principal is the user's ARN rather than "*", so only that identity matches the statement. It also enables versioning on the bucket, so overwritten or deleted objects keep earlier versions that can be restored.
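The difference between the public policy and the IAM-user policy above is easy to miss in a heredoc. As an added example (not part of the original post or of Terraform), the Python check below parses a rendered bucket policy document and flags Allow statements that use a wildcard principal or grant actions beyond read-only. The two embedded policies are constructed samples mirroring the ones in this post, with the Terraform interpolations replaced by placeholder ARNs.

```python
import json

# Constructed samples mirroring the post's two bucket policies; the ${...}
# Terraform interpolations are replaced by placeholder ARNs.
PUBLIC_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-unique-bucket-name/*"
  }]
}"""

USER_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:user/s3-read-only-user"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-unique-bucket-name/*"
  }]
}"""

# Actions accepted as read-only for a bucket policy (exact names, no wildcards).
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"}

def _as_list(value):
    # IAM allows a scalar or a list for Principal.AWS, Action and Resource.
    return value if isinstance(value, list) else [value]

def is_public_principal(principal):
    """True when the statement applies to everyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def audit_policy(policy_json):
    """Return human-readable findings for each Allow statement in the policy."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if is_public_principal(stmt.get("Principal")):
            findings.append(f"statement {i}: Principal '*' grants anonymous access")
        extra = set(_as_list(stmt.get("Action", []))) - READ_ONLY_ACTIONS
        if extra:
            findings.append(f"statement {i}: non-read-only actions {sorted(extra)}")
    return findings
```

Run it against the JSON that `terraform plan` or `terraform show -json` renders for the policy attribute to review a policy before it is applied.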
Apply Your Terraform Configuration
Save your main.tf file, and in your terminal, run the following commands to initialize and apply your Terraform configuration.
terraform init
terraform apply -auto-approve
Review the planned changes in the output (drop -auto-approve if you want Terraform to prompt for confirmation first). Terraform will create the specified resources in your AWS account.
Conclusion
Managing AWS resources with Terraform provides a streamlined and consistent approach to infrastructure management. In this tutorial, we covered the fundamentals of creating an S3 bucket, configuring public read access, establishing IAM user or role policies, and enabling versioning.
Thank you so much for taking the time to read till the end! Hope you found this blog informative and helpful.
Feel free to explore more of my content, and don't hesitate to reach out if you need any assistance from me or have any questions.
Happy Learning!
~kritika :)
Connect with me: LinkedIn