Aws - S3 (Amazon Simple Storage Service)

Card Puncher Data Processing


S3 (ie Simple Storage Service) is a edge storage file system in Aws based on Hadoop File System

Amazon S3 uses dense storage drives that are optimized for storing larger objects inexpensively.

Static Hosting

Amazon S3 can be used to host static websites without having to configure or manage any web servers. See Aws - Static Web Hosting



bucket's name must be globally unique. Bucket used as an origin point for Amazon Cloudfront have specific restrictions



All buckets created in Amazon S3 are fully private by default. By default your bucket will only be accessible by authenticated users with access to your AWS account.

Bucket policies are represented as JSON documents that define the S3 Actions (S3 API calls) against the objects in your bucket that are allowed (or not not allowed) to be performed by different Principals (in our case the public, or anyone).

The easiest way to update a bucket policy is to use the console.

See also:

You could also use the canonical user id as the principal: “CanonicalUser”: “<OAI S3CanonicalUserId>”

Anonymous access

example of a policy that will grant read only access to anonymous users.

Both “Principal”: “*” and “Principal”:{“AWS”:“*”} grant permission to everyone (also referred to as anonymous access)

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow", 
            "Principal": "*", 
            "Action": "s3:GetObject", 
            "Resource": "arn:aws:s3:::[YOUR_BUCKET_NAME]/*" 
aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

Cloudfront access

"Principal": {
    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>"


There is other access controls than policy for S3:

Example of Check list:

  • You can access the site through the CloudFront Distribution URL (<WebsiteCloudFrontURL>).
  • You are restricted from accessing any of the application resources through S3 URLs. Try some deep links (e.g. <WebsiteS3URL>/js/vendor/unicorn-icon)
  • You can not delete or modify any of the application resources through the CloudFront Distribution. Try using a HTTP client (like curl or Postman) to make requests with different HTTP verbs (e.g. Delete). Below is an example using curl:
curl -i -X DELETE <WebsiteCloudFrontURL>/index.html




  • from the console
  • via cli
aws s3 mb s3://BUCKET_NAME
:: example
aws s3 mb s3://my-bucket-name

All buckets created in Amazon S3 are fully private by default.



aws s3 sync s3://wildrydes-us-east-1/WebApplication/1_StaticWebHosting/website s3://BUCKET_NAME --region YOUR_BUCKET_REGION



See Amazon Athena


Put Policy File

aws s3api put-bucket-policy --bucket BUCKET_NAME --policy file://pathToPolicyFile/website-bucket-policy.json

Copy (Cp)

aws s3 cp path/To/MyLocalFile s3://BUCKET_NAME/path/to/myFileInBucket

Discover More
Card Puncher Data Processing
Amazon Athena

is an query service against data in Amazon S3. Athena query engine is based on hive. See Langauge reference An external table...
Aws User Click Event Processing Architecture
Aws - Click Event Rest API (Capture user behavior)

Adapted from the Aws tutorial - Building a Modern app (module 5). Click Event records will be processed in real-time by a serverless code function, aggregated, and stored for any future analysis that...
Aws Cloudfront Distribution
Aws - Cloudfront

Amazon CloudFront is the CDN offering of AWS A distribution got all parameters of a web site (where the data comes from, certificate, ...) in the console After CloudFront creates...
Aws User Click Event Processing Architecture
Aws - Kinesis Data Firehose Delivery Stream

Amazon Kinesis Data Firehose is a simple service for delivering real-time streaming data to destinations. It is part of the Kinesis streaming data platform Delivery streams load data, automatically and...
Card Puncher Data Processing
Aws - Lambda Function

AWS Lambda run code in response to events such as an HTTP request. A lambda function (Serverless code) can defined using AWS SAM. Every Lambda function has an IAM role associated with it. This role...
S3 Bucket Public Access
Aws - Static Web Hosting

Static Web Hosting in Aws is done via s3 URL http://{your-bucket-name}.s3-website.{region} From the Aws...
Card Puncher Data Processing
S3 - Cors

in s3 s3 bucket > Properties tab, open the Permissions section, and click Edit CORS Configuration.
Serverless Architecture

serverless is an architecture paradigm that allows you to create applications without provisioning or managing any servers. The...
Static WebSite Hosting (Static Resource Hosting)

Hosting of static web resources including HTML, CSS, JavaScript, and image files which are loaded in the user's browser. The hosting is generally complemented by a CDN to cache the content and speed up...
Undraw File Manager Re Ms29
What is an Object Storage File System? (known also as edge storage)

Object storage (or object edge storage) is: a file system for blob file (binary object) (ie object) that are distributed/replicated at several CDN location (at the edge) In addition to the path,...

Share this page:
Follow us:
Task Runner