4.2 Create an S3 Bucket
3 hours 27 minutes
In this video, we will
create our first S3 bucket.
We will upload
an object to our bucket.
We will make our object accessible from the Internet.
So in our last video,
we were introduced to Amazon S3,
or Amazon's Simple Storage Service.
We learned about buckets
and the different storage classes that AWS offers for S3.
In this video, we will dive in and create our first S3 bucket.
So from the AWS Management Console, we type in S3
and then hit Enter to be taken to the S3 dashboard.
As you can see,
we don't have any buckets created yet.
If we go up to region,
notice that this says global.
S3 is one of the few AWS global services.
So let's click create bucket.
We have to give our bucket a DNS-compliant name.
Also, I am already in the North Virginia region.
The S3 buckets are global.
The copy settings bucket
would enable us to clone an existing bucket. But since we haven't created any yet,
that will not apply to us.
So back to the DNS-compliant name.
It has to be in all lowercase characters or numbers.
If you try to put in anything other than that, it will throw an error.
Also, the bucket name must be unique,
meaning it can't exist anywhere else in DNS.
So if I try to name
my first bucket, it will tell me that
that bucket name already exists.
So I will give this a unique name and call it
cybrary-rocks.
Oops. I have to make sure that I use all lowercase characters.
I will adjust my screen
so that you can see the entire dialog box.
Then we click next.
This takes us to the properties screen.
Here we can enable versioning.
We can log requests
for access to our bucket.
We can give our bucket a tag for tracking purposes or to separate teams.
For example, I could say that this bucket belongs to the network department.
We could enable object-level logging for auditing and CloudTrail.
We will discuss CloudTrail in future lessons.
We could also enable encryption on our bucket.
Under advanced settings, we could enable CloudWatch to monitor requests to our bucket.
We will discuss CloudWatch in future lessons as well.
We could also enable object lock if we wanted to place locks on objects within our bucket.
Let's leave all of the properties unchecked and then click Next.
This takes us to the permissions screen.
Here is how we can control public access to our bucket.
If you notice, all the boxes are checked, indicating that by default S3 buckets are private.
This wasn't always the case.
Early adopters of S3 often placed files in buckets,
not completely understanding that they would be available to anyone on the public Internet.
As you can imagine, this caused huge problems.
So now, by default, buckets are private.
So let's click next.
This takes us to the review page where we can confirm the properties for the bucket that we want to create.
My bucket's name is cybrary-rocks.
We haven't enabled
any of the other properties, so this looks good.
So then we click Create bucket,
and there is our cybrary-rocks bucket.
We see that access is private,
so let's click on our bucket.
And of course, it's empty, since we just created it
and have not uploaded anything to it yet.
So let's click Upload.
I am going to drag an image from my desktop to upload it to our bucket.
It's an image from one of my favorite TV shows, Mr Robot.
Now the image is in our bucket.
If we click on it, then we could display its properties.
It's a JPEG with a size of about 138 kilobytes.
This is the URL that has been assigned to it.
Its storage class is Standard, which is the default,
and I am the owner of the file.
So next let's click the Properties tab.
These are the properties that we left disabled when we created our bucket:
server access logging.
We can convert our bucket into a static website if we chose to.
Here's object-level logging and default encryption.
Then we scroll down and we could see a few more properties:
transfer acceleration, which we haven't discussed since it's a bit beyond the scope of our course.
Here we can set up notifications when certain events occur within our bucket.
Perhaps when we reach our 1,000,000th view or
something cool like that.
And this is Requester Pays, which essentially charges the requester to view the object
within our bucket instead of the bucket owner.
Next, let's click the permissions tab.
Here we see sub-tabs.
The first is for managing our public access settings.
On the Access Control List tab,
we can grant basic read/write permission to other AWS accounts.
The Bucket Policy tab
is used to manage the policy of our entire bucket.
These are written in JavaScript Object Notation, or JSON for short.
The final tab
is for cross-origin resource sharing, or CORS for short.
This is an advanced topic, but in a nutshell,
it enables resource sharing between Web applications that may reside in different domains or organizations.
Next we click the Management tab.
Here's where we can configure lifecycle management for the objects within our buckets to automatically transition to different storage classes.
We will play around with this feature in a future lesson.
So let's go back to the Overview tab.
We can do this: we can display the properties for this object.
Now let's see what happens when we click the Mr Robot image in our bucket.
We get this XML error stating that access is denied.
Our image is private by default.
So what if we want the public to be able to see this image?
How do we overcome this problem?
So let's head back to the Overview tab.
We will go back to our S3 buckets dashboard.
Then we click on our bucket,
then click Edit public access settings.
So if you recall when we first created our bucket
that the boxes below all had check marks by default.
Once we click edit public access settings, they disappear.
Our object is still private.
To make our object public, we must first edit the bucket policy
for our bucket cybrary-rocks.
To do this,
we click Save.
And here we get this confirmation box from AWS where we actually have to type "confirm"
to edit our bucket settings.
So let's type confirm and then click confirm.
Close out the bucket properties.
Then let's go back into our bucket,
then select our object,
then under Actions, select Make public.
That will take us to another confirmation screen, warning us that we're about to make this image public.
So let's click Make public.
Now let's try to click our object again to verify that our changes were successful.
So we click the link and presto,
there is our Mr Robot image.
Also, I want to show you the operations tab that appears at the bottom.
This will let us know if our uploads or edits
are successful or not.
What are some of the rules for bucket naming in S3?
Bucket names must be unique across all existing bucket names
within Amazon S3.
Bucket names must comply with DNS naming conventions.
A bucket name cannot be formatted
like an IP address. For example, we can't use
an IP like 10.10.10.10.
Bucket names must be at least three
and no more than 63 characters long.
Bucket names must not contain uppercase characters.
Finally, bucket names must start
with a lower case letter or number.
We created our first S3 bucket.
We uploaded an object to our bucket.
We made our object accessible from the Internet.
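
Added example, not part of the original video or its transcript: a small offline check that decides whether an object is publicly readable through its ACL, given the bucket's four Block Public Access settings and the object's ACL. The inputs follow the response shapes of the S3 `GetPublicAccessBlock` and `GetObjectAcl` APIs; the sample data and the function name are constructed for illustration, and bucket policies and account-level settings are assumed out of scope.

```python
# Added example. Inputs mirror the response shapes of the S3
# GetPublicAccessBlock and GetObjectAcl APIs; all sample values are constructed.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_PERMS = {"READ", "FULL_CONTROL"}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def public_read_via_acl(public_access_block, object_acl):
    """Return (is_public, reasons) for one object, looking at ACLs only."""
    reasons = []
    # A public-read grant is one made to the AllUsers group.
    grants = [g for g in object_acl.get("Grants", [])
              if g.get("Grantee", {}).get("URI") == ALL_USERS
              and g.get("Permission") in READ_PERMS]
    if not grants:
        reasons.append("no AllUsers read grant on the object ACL")
        return False, reasons
    reasons.append("object ACL grants %s to AllUsers" % grants[0]["Permission"])
    # IgnorePublicAcls makes S3 disregard public ACLs that already exist.
    if public_access_block.get("IgnorePublicAcls", False):
        reasons.append("IgnorePublicAcls is on, so the public grant is ignored")
        return False, reasons
    off = [k for k in BPA_KEYS if not public_access_block.get(k, False)]
    reasons.append("Block Public Access settings turned off: " + ", ".join(off))
    return True, reasons


# Constructed samples: the default (all four boxes checked), all unchecked,
# an owner-only ACL, and the ACL left behind by "Make public".
DEFAULT_BLOCK = dict.fromkeys(BPA_KEYS, True)
ALL_OFF = dict.fromkeys(BPA_KEYS, False)
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser",
                                       "ID": "EXAMPLE-OWNER-ID"},
                           "Permission": "FULL_CONTROL"}]}
PUBLIC_ACL = {"Grants": PRIVATE_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}

if __name__ == "__main__":
    for label, bpa, acl in [("default bucket, fresh upload", DEFAULT_BLOCK, PRIVATE_ACL),
                            ("boxes unchecked, still private", ALL_OFF, PRIVATE_ACL),
                            ("boxes unchecked, made public", ALL_OFF, PUBLIC_ACL),
                            ("boxes re-checked afterwards", DEFAULT_BLOCK, PUBLIC_ACL)]:
        print(label, "->", public_read_via_acl(bpa, acl))
```

The second sample matches the point in the walkthrough where the boxes are unchecked but the object is still private: turning the settings off exposes nothing until a public grant exists.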