howtouselinux

Create AWS S3 Bucket with AWS CLI

Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, web-based cloud storage service. The service is designed for online backup and archiving of data and applications on Amazon Web Services (AWS). Amazon S3 was designed with a minimal feature set and created to make web-scale computing easier for developers.

What is AWS S3 bucket?

A bucket is a container for objects stored in Amazon S3. We can store any number of objects in a bucket and can have up to 100 buckets in our account.

Buckets also:

  • Organize the Amazon S3 namespace at the highest level.
  • Identify the account responsible for storage and data transfer charges.
  • Provide access control options, such as bucket policies, access control lists (ACLs), and S3 Access Points, that you can use to manage access to your Amazon S3 resources.
  • Serve as the unit of aggregation for usage reporting.

How to create AWS S3 Bucket with CLI

  • Create a test bucket: aws s3 mb s3://chaos-blog-test-bucket
  • List the objects in the bucket: aws s3 ls s3://chaos-blog-test-bucket

How to create AWS S3 policy with CLI

  • Create a role with no permissions:

aws iam create-role --role-name WriteToBucket_Role --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

  • Create a policy that can write into that bucket, and attach it to the role we just created:

aws iam put-role-policy --role-name WriteToBucket_Role --policy-name WriteToBucket_policy --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::chaos-blog-test-bucket","arn:aws:s3:::chaos-blog-test-bucket/*"]}]}'
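
The s3:* policy above allows every S3 action on the bucket, including deleting it or changing its bucket policy. As an added example (not from the original page), this script builds a narrower inline policy for the same role and bucket and refuses to apply a document that contains a wildcard action. The action list (s3:ListBucket, s3:PutObject), the function names and the script name are assumptions, chosen to cover only the upload and list commands used in this walkthrough.

```bash
#!/bin/sh
# Added example, not from the original page. Bucket, role and policy names are
# the page's; the action list is an assumption: what "aws s3 cp" (upload) and
# "aws s3 ls" need, in place of s3:*.

# Print an inline policy limited to listing the bucket and uploading objects.
scoped_policy() {
  bucket="$1"
  cat <<EOF
{"Version":"2012-10-17","Statement":[
{"Sid":"ListBucket","Effect":"Allow","Action":"s3:ListBucket","Resource":"arn:aws:s3:::${bucket}"},
{"Sid":"PutObjects","Effect":"Allow","Action":"s3:PutObject","Resource":"arn:aws:s3:::${bucket}/*"}
]}
EOF
}

# Return 0 when a policy document grants "*" or "service:*" as an action.
# Simple text check for compact JSON; partial wildcards (s3:Put*) are not flagged.
has_wildcard_action() {
  printf '%s' "$1" | tr -d '\n' |
    grep -Eq '"Action":[[:space:]]*(\[[^]]*)?"([A-Za-z0-9-]+:)?\*"'
}

# Replace the inline policy on the role; put-role-policy overwrites a policy
# with the same name, so this swaps out the s3:* version.
apply_scoped_policy() {
  role="$1"; bucket="$2"
  doc="$(scoped_policy "$bucket")"
  if has_wildcard_action "$doc"; then
    echo "refusing to apply a wildcard policy" >&2
    return 1
  fi
  aws iam put-role-policy --role-name "$role" \
    --policy-name WriteToBucket_policy --policy-document "$doc"
}

# Touch AWS only when asked to: sh scoped-policy.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_scoped_policy WriteToBucket_Role chaos-blog-test-bucket
fi
```

With this policy in place the instance can still upload and list, but a request such as deleting the bucket is denied.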

How to add AWS S3 access to an Instance

  • Create an instance profile for us to attach to an instance:

aws iam create-instance-profile --instance-profile-name WriteToBucket_profile

  • Attach the role to the profile:

aws iam add-role-to-instance-profile --instance-profile-name WriteToBucket_profile --role-name WriteToBucket_Role

  • Attach profile to our running instance. Here we will have to know the instance id of the instance we are adding the IAM profile to:

aws ec2 associate-iam-instance-profile --instance-id YOUR_INSTANCE_ID --iam-instance-profile Name="WriteToBucket_profile"

  • Go check out our AWS console, and we can see the IAM policy is now associated.

How to use AWS S3 on AWS instance?

  • SSH to our instance
  • Create an empty file: touch x
  • Copy the new empty file to the bucket: aws s3 cp x s3://chaos-blog-test-bucket
  • We should now be able to see the file in the bucket: aws s3 ls s3://chaos-blog-test-bucket
  • If the copy fails, double-check the IAM permissions, and that the instance has the IAM role attached in the AWS console.
