Harnessing the Power of Terraform: A Comprehensive Guide to Managing Amazon S3 Buckets


Day 67: AWS S3 Bucket Creation and Management

Introduction

Amazon Simple Storage Service (S3) revolutionized cloud storage, offering unparalleled scalability and accessibility. Paired with Terraform, an infrastructure as code (IaC) tool, S3 bucket management becomes even more efficient and scalable. In this tutorial, we'll explore how to leverage Terraform to create, configure, and manage S3 buckets, including setting up public read access, defining bucket policies, and enabling versioning.

Step 1: Setting Up Your Terraform Environment

Before diving into S3 bucket management, ensure you have Terraform installed on your local machine. Download Terraform from the official website and follow the installation instructions. Once installed, create a new directory for your Terraform configuration files and navigate to it in your terminal.

mkdir terraform-s3-example
cd terraform-s3-example

Step 2: Creating a Terraform Configuration File

Create a new file named main.tf in your project directory. This file will contain the Terraform configuration for your S3 bucket.

provider "aws" {
  region = "us-east-1"  # Set your desired AWS region
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-bucket-name"  # Replace with your desired bucket name
}

# Since AWS provider v4, versioning (like the ACL) is configured with its own
# resource rather than an inline block of aws_s3_bucket.
resource "aws_s3_bucket_versioning" "my_bucket" {
  bucket = aws_s3_bucket.my_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

Replace "my-unique-bucket-name" with a globally unique name for your S3 bucket. Versioning keeps earlier versions of overwritten or deleted objects so that they can be restored. Public read access is configured in the next step.

Step 3: Configuring Public Read Access

In the same main.tf file, add the following code to configure public read access for your S3 bucket.

resource "aws_s3_bucket_ownership_controls" "my_bucket" {  # new buckets disable ACLs by default
  bucket = aws_s3_bucket.my_bucket.id
  rule { object_ownership = "BucketOwnerPreferred" }
}
resource "aws_s3_bucket_public_access_block" "my_bucket" {  # new buckets block public access by default
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}
resource "aws_s3_bucket_acl" "my_bucket" {  # the inline acl argument of aws_s3_bucket is deprecated
  depends_on = [aws_s3_bucket_ownership_controls.my_bucket, aws_s3_bucket_public_access_block.my_bucket]
  bucket     = aws_s3_bucket.my_bucket.id
  acl        = "public-read"
}

resource "aws_s3_bucket_policy" "public_access" {
  depends_on = [aws_s3_bucket_public_access_block.my_bucket]  # a public policy is rejected until then
  bucket     = aws_s3_bucket.my_bucket.id
  policy     = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    }
  ]
}
EOF
}

These resources allow ACLs on the bucket, switch off its Block Public Access settings, apply the public-read ACL, and attach a bucket policy allowing public read access to the objects in your bucket. Every object in the bucket is now readable by anyone on the internet, so this configuration is only appropriate for content that is meant to be public.

Step 4: Creating a Policy for IAM User/Role Access

To create a policy that allows read-only access to a specific IAM user or role, add the following code to your main.tf file (for a role, attach the same policy document with aws_iam_role_policy instead).

resource "aws_iam_user" "s3_user" {
  name = "s3-read-only-user"  # Replace with your desired IAM user name
}

# A bucket can carry only one bucket policy, and Step 3 already manages it; a second
# aws_s3_bucket_policy for the same bucket would overwrite it on every apply. The
# user's read-only access is therefore granted with an identity policy instead.
resource "aws_iam_user_policy" "s3_read_only" {
  name = "s3-read-only"
  user = aws_iam_user.s3_user.name

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.my_bucket.arn}/*"
    }
  ]
}
EOF
}

This code creates an IAM user named "s3-read-only-user" and attaches a policy allowing that user read-only access to the objects in the bucket.
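As an added example (not from the original tutorial), here is the hardened counterpart to Steps 2 through 4: the same kind of bucket, but one that must stay private, so the AWS defaults are kept rather than relaxed and read access is granted only to an identity. It assumes the aws_iam_user.s3_user from Step 4 exists and uses a constructed bucket name.

```hcl
# Added example: a private bucket that keeps the AWS defaults instead of relaxing them.
resource "aws_s3_bucket" "private_bucket" {
  bucket = "my-unique-private-bucket-name"  # constructed name; replace with your own
}

# Keep ACLs disabled: the bucket owner owns every object and only policies grant access.
resource "aws_s3_bucket_ownership_controls" "private_bucket" {
  bucket = aws_s3_bucket.private_bucket.id
  rule { object_ownership = "BucketOwnerEnforced" }
}

# Keep Block Public Access on: any public ACL or public policy is rejected or ignored.
resource "aws_s3_bucket_public_access_block" "private_bucket" {
  bucket                  = aws_s3_bucket.private_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Bucket policy that denies every request not sent over TLS.
resource "aws_s3_bucket_policy" "private_bucket" {
  bucket = aws_s3_bucket.private_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.private_bucket.arn, "${aws_s3_bucket.private_bucket.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}

# Least-privilege read grant on the identity (the Step 4 user), not on a public principal.
resource "aws_iam_user_policy" "private_read_only" {
  name = "private-bucket-read-only"
  user = aws_iam_user.s3_user.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "s3:ListBucket", Resource = aws_s3_bucket.private_bucket.arn },
      { Effect = "Allow", Action = "s3:GetObject", Resource = "${aws_s3_bucket.private_bucket.arn}/*" }
    ]
  })
}
```

With Block Public Access left on, terraform apply will refuse any later attempt to attach a public ACL or policy to this bucket, which is the behaviour you want for anything that is not deliberately public.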

Step 5: Applying Your Terraform Configuration

Save your main.tf file and run the following commands in your terminal to initialize and apply your Terraform configuration.

terraform init
terraform apply

Follow the prompts to confirm the changes. Terraform will create the specified resources in your AWS account.

Conclusion

Managing AWS resources with Terraform offers a streamlined and consistent approach to infrastructure management. In this tutorial, we covered the fundamentals of creating an S3 bucket, configuring public read access, establishing IAM user or role policies, and enabling versioning. With Terraform, you can automate and scale your infrastructure management with ease, ensuring efficiency and consistency across your AWS environment.

Happy Learning!

Follow me on LinkedIn.