Table of Contents

About

S3 (ie Simple Storage Service) is a edge storage file system in Aws based on Hadoop File System

Amazon S3 uses dense storage drives that are optimized for storing larger objects inexpensively.

Static Hosting

Amazon S3 can be used to host static websites without having to configure or manage any web servers. See Aws - Static Web Hosting

Bucket

Name

bucket's name must be globally unique. Bucket used as an origin point for Amazon Cloudfront have specific restrictions

bucketnamingrules

Policy

All buckets created in Amazon S3 are fully private by default. By default your bucket will only be accessible by authenticated users with access to your AWS account.

Bucket policies are represented as JSON documents that define the S3 Actions (S3 API calls) against the objects in your bucket that are allowed (or not not allowed) to be performed by different Principals (in our case the public, or anyone).

The easiest way to update a bucket policy is to use the console.

See also:

You could also use the canonical user id as the principal: “CanonicalUser”: “<OAI S3CanonicalUserId>”

Anonymous access

example of a policy that will grant read only access to anonymous users.

Both “Principal”: “*” and “Principal”:{“AWS”:“*”} grant permission to everyone (also referred to as anonymous access) 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow", 
            "Principal": "*", 
            "Action": "s3:GetObject", 
            "Resource": "arn:aws:s3:::[YOUR_BUCKET_NAME]/*" 
        } 
    ] 
}

aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

Cloudfront access

"Principal": {
    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>"
},

Access

There is other access controls than policy for S3:

Example of Check list:

  • You can access the site through the CloudFront Distribution URL (<WebsiteCloudFrontURL>).
  • You are restricted from accessing any of the application resources through S3 URLs. Try some deep links (e.g. <WebsiteS3URL>/js/vendor/unicorn-icon)
  • You can not delete or modify any of the application resources through the CloudFront Distribution. Try using a HTTP client (like curl or Postman) to make requests with different HTTP verbs (e.g. Delete). Below is an example using curl:
curl -i -X DELETE <WebsiteCloudFrontURL>/index.html

Address

Management

Create

  • from the console
  • via cli
aws s3 mb s3://BUCKET_NAME
:: example
aws s3 mb s3://my-bucket-name

All buckets created in Amazon S3 are fully private by default.

Sync

Example 

aws s3 sync s3://wildrydes-us-east-1/WebApplication/1_StaticWebHosting/website s3://BUCKET_NAME --region YOUR_BUCKET_REGION

where:

Query

See Amazon Athena

Put

Put Policy File

aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

Copy (Cp)

aws s3 cp path/To/MyLocalFile s3://BUCKET_NAME/path/to/myFileInBucket