Day 67: AWS S3 Bucket Creation and Management

AWS S3 Bucket

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It can be used for a variety of use cases, such as storing and retrieving data, and hosting static websites.

Task:

1. Create an S3 bucket using Terraform.

provider "aws" Block:

  • This block specifies the provider you want to use, which is AWS in this case.

  • region = "ap-south-1" specifies the AWS region where the resources will be created. In this case, it's the Asia Pacific (Mumbai) region.

resource "aws_s3_bucket" "my_bucket" Block:

  • This block defines the creation of an AWS S3 bucket resource.

  • aws_s3_bucket is the resource type, and my_bucket is the local name you assign to this resource for reference within your Terraform configuration.

bucket = "day67taskbucket0304":

  • This line specifies the name of the S3 bucket you want to create. The S3 bucket will be named "day67taskbucket0304". Bucket names are globally unique across all AWS accounts, so terraform apply fails with BucketAlreadyExists if another account already owns this name.

Run terraform init once to download the AWS provider, then terraform plan to produce an execution plan listing the changes required to reach the desired state of your infrastructure.

Finally, run terraform apply to create or update the resources as needed.

2. Configure the bucket to allow public read access.

resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.my_bucket.id
  acl    = "public-read"
}

To allow public read access, the code creates an ACL resource of type aws_s3_bucket_acl and attaches it to the bucket through the bucket argument (aws_s3_bucket.my_bucket.id). Setting acl to "public-read" grants the AllUsers group READ on the bucket, which lets anyone on the internet list every object key in it; it does not by itself make object contents downloadable, since that is governed by each object's own ACL or by a bucket policy. Two caveats before applying this. First, buckets created since April 2023 have ACLs disabled (Object Ownership set to BucketOwnerEnforced) and Block Public Access enabled by default, so the apply fails with AccessControlListNotSupported or AccessDenied unless an aws_s3_bucket_ownership_controls resource sets object_ownership to BucketOwnerPreferred and an aws_s3_bucket_public_access_block resource turns off block_public_acls and ignore_public_acls first. Second, a publicly listable bucket is the misconfiguration behind most S3 data leaks, so outside of this exercise keep ACLs disabled and grant access through a bucket policy scoped to named principals, as in the next step.

4. Create an S3 bucket policy that allows read-only access to a specific IAM user.

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}


data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    # A bare account ID here is the account root: any user or role in
    # 683633011377 whose own IAM policy allows these actions gets access.
    # Use the user's ARN instead to limit the grant to one IAM user.
    principals {
      type        = "AWS"
      identifiers = ["683633011377"]
    }

    # ListBucket is evaluated against the bucket ARN, GetObject against
    # the objects under it, so both resource forms are listed below.
    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resources = [
      aws_s3_bucket.my_bucket.arn,
      "${aws_s3_bucket.my_bucket.arn}/*",
    ]
  }
}

To provide read-only access to a specific IAM principal, the code creates an aws_s3_bucket_policy resource attached to aws_s3_bucket.my_bucket through the bucket argument. Its policy argument takes the JSON rendered by the aws_iam_policy_document data source (data.aws_iam_policy_document.allow_read_only_access.json).

The policy document itself is created with a data block, which defines a Terraform data source. It is written in HCL, and Terraform converts it to the JSON that S3 expects; you do not hand-write JSON.

The data source allow_read_only_access has a single statement block. It grants s3:GetObject and s3:ListBucket. ListBucket is evaluated against the bucket ARN and GetObject against the object ARN pattern "<bucket-arn>/*", which is why both resources are listed. The principals block names who receives the grant. A bare account ID such as "683633011377" in identifiers means the account root, which delegates the access to every IAM user and role in that account whose own identity policy allows these actions; it does not pin the grant to one user. To restrict it to a single IAM user, put that user's ARN (arn:aws:iam::<account-id>:user/<user-name>) in identifiers instead; a same-account user named this way needs no additional identity policy.

As written, the bucket policy grants read-only access to the whole account; narrowing identifiers to the user's ARN is what makes it specific to one IAM user.
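Here is the whole configuration as one file, added as an example for this post rather than code taken from it. It covers the provider and bucket blocks described at the start, the public-read step, and the bucket policy step. The bucket name, region and account ID are the ones from the post; the IAM user name day67-reader and the allow_public_read variable are assumptions introduced here. The public-read pieces are gated behind the variable, which defaults to false, so a plain terraform apply produces a private bucket readable only by the named user; setting allow_public_read = true reproduces step 2 together with the Object Ownership and Block Public Access changes it needs.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-south-1" # Asia Pacific (Mumbai)
}

# Assumed toggle (not in the original post): the public-read ACL from
# step 2 is opt-in and off by default.
variable "allow_public_read" {
  type    = bool
  default = false
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "day67taskbucket0304"
}

resource "aws_s3_bucket_ownership_controls" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  rule {
    # BucketOwnerEnforced disables ACLs entirely; BucketOwnerPreferred
    # re-enables them, which a public-read ACL requires.
    object_ownership = var.allow_public_read ? "BucketOwnerPreferred" : "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  # Only the two ACL-related switches are relaxed when public read is on.
  block_public_acls  = !var.allow_public_read
  ignore_public_acls = !var.allow_public_read
  # The policy below names one principal, so it is not a public policy
  # and these two can stay on in both modes.
  block_public_policy     = true
  restrict_public_buckets = true
}

# Step 2: anyone can list keys in the bucket; object bodies stay private
# unless objects get their own public ACL.
resource "aws_s3_bucket_acl" "bucket_acl" {
  count      = var.allow_public_read ? 1 : 0
  depends_on = [aws_s3_bucket_ownership_controls.my_bucket, aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  acl        = "public-read"
}

# Step 4: read-only access for one IAM user, named by full ARN so the
# grant does not extend to every principal in account 683633011377.
locals {
  reader_arn = "arn:aws:iam::683633011377:user/day67-reader" # assumed user name
}

data "aws_iam_policy_document" "allow_read_only_access" {
  statement {
    sid    = "ListBucketForReader"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [local.reader_arn]
    }
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.my_bucket.arn]
  }
  statement {
    sid    = "GetObjectForReader"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [local.reader_arn]
    }
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.my_bucket.arn}/*"]
  }
}

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = data.aws_iam_policy_document.allow_read_only_access.json
}
```

Run terraform init, terraform plan and terraform apply as described above; pass -var allow_public_read=true to plan and apply to turn on the public-read ACL. Treat that toggle as a creation-time choice: aws_s3_bucket_acl is only removed from state on destroy, and S3 refuses to switch Object Ownership back to BucketOwnerEnforced while the bucket still carries a non-private ACL (InvalidBucketAclWithObjectOwnership), so flipping the variable back to false requires resetting the bucket ACL to private first.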

Happy Learning!