4.2 Create an S3 Bucket

Video Activity
Time
3 hours 27 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:01
In this video
00:03
we will
00:04
create our first S3 bucket.
00:07
We will upload
00:08
an object to our bucket.
00:11
We will make our object accessible from the Internet.
00:17
So in our last video,
00:19
we were introduced to Amazon S3,
00:23
or Amazon's Simple Storage Service.
00:27
We learned about buckets,
00:29
versioning,
00:30
and the different storage classes that AWS offers for S3.
00:36
In this video, we will dive in and create our first S3 bucket.
00:43
So from the AWS management console, we type in S3
00:49
and then hit enter to be taken to the S3 dashboard.
00:55
As you can see,
00:57
we don't have any buckets created yet.
01:00
Also,
01:02
if we go up to region,
01:03
notice that this says global.
01:07
S3 is one of the few AWS global services.
01:11
So let's click create bucket.
01:17
We have to give our bucket a DNS-compliant name.
01:21
Also, I am already in the North Virginia region.
01:25
But remember,
01:26
the S3 buckets are global.
01:30
The copy the settings bucket
01:33
would enable us to clone an existing bucket. But since we haven't created any yet,
01:38
that will not apply to us.
01:42
So back to the DNS-compliant name.
01:48
A bucket
01:49
has to be in all lower case characters or numbers.
01:53
If you try to put in anything other than that, it will throw an error.
01:57
Also, the bucket name must be unique,
02:00
meaning it can't exist anywhere else in DNS.
02:06
So if I try to name
02:07
my bucket
02:08
my first bucket, it will tell me that
02:13
that bucket name already exists.
02:15
So I will give this a unique name and call it
02:21
cybrary-rocks.
02:23
Oops. I have to make sure that I use all lower case characters.
02:38
I will adjust my screen
02:39
so that you can see the entire dialogue box.
02:44
Then we click next.
02:46
This takes us to the property screen.
02:51
Here we can enable versioning.
02:53
We can log requests
02:55
for access to our bucket.
02:59
We can give our bucket a tag for tracking purposes or to separate teams.
03:04
For example, I could say that this bucket belongs to the network department.
03:14
We could enable object-level logging for auditing and CloudTrail.
03:20
We will discuss CloudTrail in future lessons.
03:23
We could also enable encryption on our bucket.
03:28
Under advanced settings, we could enable CloudWatch to monitor requests to our bucket.
03:35
We will discuss CloudWatch in future lessons as well.
03:38
We could also enable object lock if we wanted to place locks on objects within our bucket.
03:46
So
03:47
let's leave all of the properties unchecked and then click next.
03:53
This takes us to the permission screen.
03:59
Here is how we can control public access to our bucket.
04:02
If you notice, all the boxes are checked, indicating that by default S3 buckets are private.
04:11
This wasn't always the case.
04:13
Early adopters to S3 often placed files in buckets,
04:17
not completely understanding that they would be available to anyone on the public Internet.
04:23
As you can imagine, this caused huge problems.
04:27
So now, by default, buckets are private.
04:30
So let's click next.
04:33
This takes us to the review page where we can confirm the properties for the bucket that we want to create.
04:41
My bucket's name is cybrary-rocks.
04:46
We haven't enabled
04:47
any of the other properties, so this looks good.
04:51
So then we click create bucket
04:59
and there is our cybrary-rocks bucket.
05:02
We see that access is private,
05:11
so let's click on our bucket.
05:15
And of course, it's empty, since we just created it
05:17
and have not uploaded anything to it yet,
05:21
So let's click Upload.
05:25
I am going to drag an image from my desktop to upload it to our bucket.
05:30
It's an image from one of my favorite TV shows, Mr Robot.
05:35
So
05:36
now the image is in our bucket.
05:43
If we click on it, then we could display its properties.
05:47
It's a JPEG with a size of about 138 kilobytes.
05:53
This is the URL that has been assigned to it.
05:57
Its storage class is Standard, which is the default,
06:01
and I am the owner of the file.
06:05
So next let's click the Properties tab.
06:10
These are the properties that we left disabled when we created our bucket:
06:15
versioning,
06:16
server access logging.
06:19
We can convert our bucket into a static Web site if we chose to.
06:25
Here's object level logging and default encryption.
06:32
Then we scroll down and we could see a few more properties,
06:36
object lock
06:38
tags,
06:41
transfer acceleration, which we haven't discussed since it's a bit beyond the scope of our course.
06:46
Here we can set up notifications when certain events occur within our bucket.
06:53
Perhaps when we reach our 1,000,000th view and
06:55
something cool like that.
06:59
And this is Requester Pays, which essentially charges the requester to view the object
07:03
within our bucket instead of the bucket owner.
07:08
Next, let's click the permissions tab.
07:11
Here we see subtabs.
07:14
The first is for managing our public access settings.
07:18
On the Access Control List tab,
07:21
we can grant basic read/write permission to other AWS accounts.
07:29
The Bucket policy tab
07:30
is used to manage the policy of our entire bucket.
07:36
These are written in JavaScript Object Notation, or JSON for short.
07:44
The final tab
07:45
is for cross-origin resource sharing, or CORS for short.
07:50
This is an advanced topic, but in a nutshell,
07:54
it enables resource sharing between Web applications that may reside in different domains or organizations.
08:01
Next we click the Management tab.
08:05
Here's where we can configure lifecycle management for the objects within our buckets to automatically transition to different storage classes.
08:16
We will play around with this feature in a future lesson.
08:18
So let's go back to the Overview tab.
08:22
We can do this: we can display the properties for this object.
08:28
Now let's see what happens when we click the Mr Robot image in our bucket.
08:37
We get this XML error stating that access is denied.
08:43
Remember
08:43
that our image is private by default.
08:46
So what if we want the public to be able to see this image?
08:52
How do we overcome this problem?
08:56
So let's head back to the Overview tab.
09:00
We will go back to our S3 buckets dashboard,
09:05
Then we click on our bucket,
09:07
then click Edit public access settings.
09:11
So if you recall when we first created our bucket
09:16
that the boxes below all had check marks by default.
09:20
Once we click edit public access settings, they disappear.
09:26
But
09:26
our object is still private.
09:30
To make our object public, we must first edit the bucket policy
09:33
for our bucket, cybrary-rocks.
09:37
To do this,
09:39
we click Save.
09:41
And here we get this confirmation box from AWS where we actually have to type confirm
09:48
to edit our bucket settings.
09:50
So let's type confirm and then click confirm.
09:58
Close out the bucket properties.
10:03
Then let's go back into our bucket,
10:07
then select our object,
10:13
then under actions, select make public
10:18
that will take us to another confirmation screen, warning us that we're about to make this image public.
10:26
So let's click Make public.
10:33
Now let's try to click our object again to verify that our changes were successful.
10:41
So we click the link and presto,
10:46
there is our Mr Robot image.
10:50
Also, I want to show you the operations tab that appears at the bottom.
10:56
This will let us know if our uploads or edits
11:00
are successful or not
11:16
Learning check.
11:18
What are some of the rules for bucket naming in S3?
11:26
Bucket names must be unique across all existing bucket names
11:31
within Amazon S3.
11:35
Bucket names must comply with DNS naming conventions.
11:41
A bucket name cannot be formatted
11:43
like an IP address. For example, we can't use
11:46
an IP like 10.10.10.10.
11:52
Bucket names must be at least three
11:56
and no more than 63 characters long.
12:01
Bucket names must not contain uppercase characters
12:05
or underscores.
12:09
Finally, bucket names must start
12:11
with a lower case letter or number.
12:24
In this video,
12:24
we created our first S3 bucket.
12:30
We uploaded an object to our bucket.
12:33
We made our object accessible from the Internet
Intro to AWS

This Introduction to Amazon Web Services (AWS) course will teach you about Amazon's secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.