About
S3 (i.e. Simple Storage Service) is an edge storage file system in AWS based on Hadoop File System
Amazon S3 uses dense storage drives that are optimized for storing larger objects inexpensively.
Static Hosting
Amazon S3 can be used to host static websites without having to configure or manage any web servers. See AWS - Static Web Hosting
Bucket
Name
A bucket's name must be globally unique. Buckets used as an origin point for Amazon CloudFront have specific restrictions.
Policy
All buckets created in Amazon S3 are fully private by default. By default your bucket will only be accessible by authenticated users with access to your AWS account.
Bucket policies are represented as JSON documents that define the S3 Actions (S3 API calls) against the objects in your bucket that are allowed (or not allowed) to be performed by different Principals (in our case the public, or anyone).
The easiest way to update a bucket policy is to use the console.
See also:
You could also use the canonical user id as the principal: "CanonicalUser": "<OAI S3CanonicalUserId>"
Anonymous access
Example of a policy that grants read-only access to anonymous users.
Both "Principal": "*" and "Principal": {"AWS": "*"} grant permission to everyone (also referred to as anonymous access).
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::[YOUR_BUCKET_NAME]/*"
        }
    ]
}
aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json
Cloudfront access
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>"
},
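To review a policy before applying it with put-bucket-policy, the following added example (not part of the original page) lists every Allow statement whose principal is everyone, in either of the two forms described above, and leaves a CloudFront OAI principal unflagged. The bucket name `example-bucket`, the OAI ID `EXAMPLEOAIID`, the function names and the read-only heuristic are assumptions made for this illustration.

```python
import json

def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and "Principal": {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def anonymous_grants(policy_json):
    """List every Allow statement whose principal is everyone."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        findings.append({
            "actions": actions,
            "resources": _as_list(stmt.get("Resource", [])),
            # A Condition block may narrow the grant (source IP, referer, ...).
            "conditional": "Condition" in stmt,
            # Heuristic (assumption): only Get*/List* actions count as read-only.
            "read_only": all(a.startswith(("s3:Get", "s3:List")) for a in actions),
        })
    return findings

# Constructed sample policies; bucket name and OAI ID are placeholders.
def _policy(principal, action):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal, "Action": action,
        "Resource": "arn:aws:s3:::example-bucket/*"}]})

PUBLIC_READ = _policy({"AWS": "*"}, "s3:GetObject")
PUBLIC_WRITE = _policy("*", ["s3:GetObject", "s3:PutObject"])
OAI_ONLY = _policy({"AWS": "arn:aws:iam::cloudfront:user/"
                    "CloudFront Origin Access Identity EXAMPLEOAIID"}, "s3:GetObject")

if __name__ == "__main__":
    for name, doc in [("public-read", PUBLIC_READ), ("public-write", PUBLIC_WRITE),
                      ("oai-only", OAI_ONLY)]:
        print(name, anonymous_grants(doc))
```

Statements using NotPrincipal or NotAction are not evaluated by this check and need manual review.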
Access
There are other access controls than policies for S3:
Example checklist:
- You can access the site through the CloudFront Distribution URL (<WebsiteCloudFrontURL>).
- You are restricted from accessing any of the application resources through S3 URLs. Try some deep links (e.g. <WebsiteS3URL>/js/vendor/unicorn-icon)
- You cannot delete or modify any of the application resources through the CloudFront Distribution. Try using an HTTP client (like curl or Postman) to make requests with different HTTP verbs (e.g. DELETE). Below is an example using curl:
curl -i -X DELETE <WebsiteCloudFrontURL>/index.html
Address
- virtual: https://bucketname.s3.amazonaws.com.
- path style: https://s3.amazonaws.com/bucketname.
Management
- AWS CLI (recommended)
- or a CloudFormation template
Create
- from the console
- via cli
aws s3 mb s3://BUCKET_NAME
:: example
aws s3 mb s3://my-bucket-name
All buckets created in Amazon S3 are fully private by default.
Sync
Example
aws s3 sync s3://wildrydes-us-east-1/WebApplication/1_StaticWebHosting/website s3://BUCKET_NAME --region YOUR_BUCKET_REGION
where:
Query
See Amazon Athena
Put
- Kinesis Firehose for streaming data
Put Policy File
- To put a policy
aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json
Copy (Cp)
aws s3 cp path/To/MyLocalFile s3://BUCKET_NAME/path/to/myFileInBucket