
Tutorial6 BI SCC S3

The document provides an overview of Amazon S3, a scalable and secure object storage service, detailing its features such as S3 buckets, object storage, access control, and security measures. It explains how to create buckets, upload objects, use pre-signed URLs for temporary access, and enable static website hosting. Additionally, it covers S3 versioning and encryption options to enhance data protection and management.

Uploaded by

hannahnagy9

INCS 410: Software Cloud Computing

Dr. John Zaki

Tutorial 6

Prepared By: Eng. Sarah Hatem


AWS S3
• Amazon Simple Storage Service (S3) is a highly scalable, durable, and secure object storage service offered by AWS.

• It allows users to store and retrieve any amount of data from anywhere on the internet.

• S3 is designed for 99.999999999% (11 nines) durability, making it ideal for backup storage, data lakes, website hosting, content delivery, and more.

S3 Bucket
• An S3 bucket is a logical storage container in S3 where objects (files, images, videos, or backups) are stored.

• Think of it like a folder in the cloud, but with additional security, scalability, and lifecycle management features.

Properties of S3 Bucket
• Globally Unique Name: Each bucket name must be unique across all AWS accounts. (DNS Compliant)

• Region-Specific: Buckets are created in a specific AWS region to optimize performance and compliance. You can access your S3 bucket from any region (it's globally available), but the data lives in the region you chose.

• Access Control: Can be private, public, or restricted based on IAM policies.

• Object Storage: Stores individual objects, each identified by a unique key (file name).

• Lifecycle Policies: Automatically transitions objects between storage classes or deletes them after a set period.

Objects
In Amazon S3, an object is the fundamental unit of storage. An object consists of:

• Data: The actual file (image, video, document, backup, etc.).
• Metadata: Information about the object (e.g., file size, last modified date, content type).
• Object Key: A unique identifier (filename + path) for accessing the object.
  ex: https://s3-tutorial6-demo.s3.amazonaws.com/GIU-logo.jpg
  Object key: GIU-logo.jpg
  Bucket: s3-tutorial6-demo
  AWS Region: US East (Ohio) us-east-2 (Region specific)
• Version ID (Optional): If versioning is enabled, each version of an object gets a unique version ID.
• Access Control Information: Defines who can access the object.

Pricing
https://aws.amazon.com/pm/serv-s3/
https://aws.amazon.com/s3/pricing/
Example:
•Store images, PDFs, or documents up to 5 GB in total
•Upload or update files up to 20,000 times/month
•Let users download files up to 2,000 times/month

Create a bucket
Bucket Name
Bucket name is globally unique (DNS compliant)
Disable ACL and block public access to prevent data leaks
Note that S3 is global, while the buckets are mapped to regions

Upload Objects to Bucket
• Select the Bucket you want to upload data to
• Upload
• Add files
Click on the object to view it
Then click on open to try to view it

S3 Pre-Signed URL?
An S3 pre-signed URL is a temporary, time-limited URL that grants authorized access to a specific object in an S3 bucket.
It allows users to view or download an object without making the object public.

Why Use an S3 Pre-Signed URL?

• Provides temporary access to private objects.
• Can be used for downloads or uploads without exposing AWS credentials.
• Helps maintain security by keeping objects private while still allowing selective access.
Try viewing the image by object URL
The Object is Private (Default Setting)
AWS S3 Security

• User-Based: IAM Policies (allow specific actions for specific IAM Users)

• Resource-Based: Bucket Policies (rules for Buckets from the S3 console), Object Access Control List, Bucket Access Control List

Allow Public Access for s3 Bucket
Do not allow public access if the bucket contains critical content
Uncheck the box to allow public access
From permissions also go to Bucket Policy to allow public access of objects
Policy to grant public access of objects in a bucket
• Allow any user to get Object from the Bucket

• ARN: Add the bucket name then "/*", i.e., all Objects in the Bucket

• "Add Statement" -> "Generate Policy" -> copy the JSON policy and paste it in the bucket policy on AWS
Copy and paste the policy
Refresh the URL again
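
A review check for the kind of policy described above, as an added example that is not part of the original slides: it embeds a constructed policy of the shape the steps produce (any principal, `s3:GetObject`, the bucket ARN followed by `/*`) and reports every unconditioned Allow to everyone. The function names, the `Sid` value and the account ID in the counter-example are assumptions made for illustration.

```python
import json

# Constructed policy matching the slide: anyone may GetObject on every key in the bucket.
PUBLIC_READ_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::s3-tutorial6-demo/*"
  }]
}
""")

def _as_list(value):
    # Policy fields may be a single value or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    # "*" and {"AWS": "*"} (or a list containing "*") both mean any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_grants(policy):
    """Return (sid, actions, resources) for each unconditioned Allow to everyone."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") == "Allow" and _is_anyone(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append((stmt.get("Sid", "<no Sid>"),
                             _as_list(stmt.get("Action", [])),
                             _as_list(stmt.get("Resource", []))))
    return findings

# Constructed counter-example: same bucket, access scoped to one placeholder account.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::s3-tutorial6-demo/*"}}

if __name__ == "__main__":
    print(public_grants(PUBLIC_READ_POLICY))  # one finding
    print(public_grants(SCOPED_POLICY))       # no findings
```

The check treats any `Condition` as a restriction, which is a simplification: a statement with a weak condition can still be effectively public and deserves manual review.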
S3 Static Website Host

• S3 static website hosting allows you to host static HTML, CSS, JavaScript, and other files directly from an S3 bucket

• Once enabled, S3 assigns a unique endpoint (URL) for accessing your website

• S3 static website hosting supports custom domain names using Route 53 or other DNS providers

Host static Website on your s3
Navigate to your Bucket -> properties -> Static website hosting

Enable, specify the root (homepage of the website)
Upload your homepage html document to the bucket
You can upload all your website data (html, CSS, JS, images, ...) files in the bucket. Then, state the main html file to the static website host to start the app through this file
Back to "Static website hosting"
Visit the URL to check the homepage of your website

S3 Versioning
• S3 versioning allows you to keep multiple versions of an object in a bucket.

• Each new object upload is assigned a unique version ID.

• It helps protect against accidental deletion or overwrite by providing a history of changes.

• Previous versions can be accessed and restored, and versioning can be managed via the AWS Management Console, CLI, or SDKs.

• Note: if a bucket already holds objects when you enable versioning (meaning that it was disabled before), the old objects (from before versioning) won't get a version ID, but any new object uploaded will get a version ID, and any modified object will get a new version ID.

Enable "Bucket Versioning" then save
Change content of a file
Let's change the html file, then re-upload it
Check the versions of the index.html file

Notice that the files that existed before versioning was enabled have "null" IDs
Try to delete a file while "show versions" is enabled
It will be permanently deleted and this cannot be undone
But try deleting with "show versions" disabled
Only a marker will be added to the object, tagging the object as deleted, while the object remains in the bucket
Try: delete the delete marker
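
The delete behaviour walked through above, as an added example that is not part of the original slides: a toy in-memory model (not an AWS API; class, method names and the `v1`, `v2` IDs are constructed) showing the "null" ID on pre-versioning objects, the delete marker left by a plain delete, the restore when the marker is removed, and the permanent removal when a specific version is deleted.

```python
import itertools

class VersionedBucket:
    """Toy in-memory model of the versioning behaviour described above (not an AWS API)."""
    def __init__(self):
        self.versioning = False
        self.stacks = {}   # key -> [(version_id, body)], newest last; body None = delete marker
        self._ids = itertools.count(1)

    def put(self, key, body):
        stack = self.stacks.setdefault(key, [])
        if self.versioning:
            vid = f"v{next(self._ids)}"  # constructed ID; real version IDs are opaque strings
        else:
            vid = "null"
            stack.clear()                # without versioning an upload simply overwrites
        stack.append((vid, body))
        return vid

    def delete(self, key, version_id=None):
        stack = self.stacks.get(key, [])
        if version_id is not None:       # "show versions" on: that version is removed for good
            stack[:] = [v for v in stack if v[0] != version_id]
            return None
        if not self.versioning:
            stack.clear()
            return None
        marker = f"v{next(self._ids)}"   # "show versions" off: only a delete marker is added
        stack.append((marker, None))
        return marker

    def get(self, key):
        stack = self.stacks.get(key, [])
        return stack[-1][1] if stack else None  # None: no object, or current version is a marker

    def version_ids(self, key):
        return [vid for vid, _ in self.stacks.get(key, [])]

def walkthrough():
    b = VersionedBucket()
    b.put("index.html", "<h1>old</h1>")         # uploaded before versioning: ID "null"
    b.versioning = True
    new_id = b.put("index.html", "<h1>new</h1>")
    marker = b.delete("index.html")             # plain delete: object hidden, data kept
    hidden = b.get("index.html")
    b.delete("index.html", version_id=marker)   # delete the delete marker: object is back
    restored = b.get("index.html")
    b.delete("index.html", version_id=new_id)   # versioned delete: that version is gone
    return hidden, restored, b.get("index.html"), b.version_ids("index.html")
```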
S3 Encryption

S3 encryption provides mechanisms to encrypt data at rest and in transit, ensuring data security.

Options for S3 encryption include:

- Server-side encryption (SSE), using AWS-managed keys (SSE-S3, the default encryption when SSE-S3 is enabled) or customer-provided keys.
  You upload your file to S3 unencrypted → AWS encrypts it before storing it on disk.
  When you retrieve it, AWS decrypts it automatically.
- Client-side encryption, where data is encrypted before uploading to S3. You encrypt the file yourself.

Delete a bucket

Empty the bucket first


Delete the bucket now
Thank You
