AWS Series — How do we secure S3 data?
S3 is one of the key AWS services and the oldest.
AWS Series — Simple Storage Service : The most used storage in cloud
We can control the security of the data in an S3 bucket: who can access the data, what they can access, and what operations they can perform on the bucket.
We use object ACLs and bucket policies to secure the data.
Object Access Control List —
Object ACLs work at the level of an individual object, so we can make a single object public or grant access to specific users. We can grant read or write access, or deny it, to AWS users at the object (file) level.
Bucket Policies —
Bucket policies work at the level of the entire bucket. A bucket policy can make the whole bucket public or grant access to the entire bucket.
Let us see how we can do that on AWS management console.
Login to your AWS management console > Storage > S3

Click on Create bucket.

Give the bucket a name. Bucket names are global, which means no other bucket in any region may have the same name.

If the bucket name already exists, the console shows the following error.

Leave the default settings for ACLs and Block public access and create the bucket.
Now open the created bucket and click on Upload. This lets you select files from your local machine and upload them to S3.

Once the upload completes, it returns a success code.
When the object is uploaded, the console provides the object URL. When we click on the URL, it says Access Denied.
Select the Permissions tab in the bucket and click on Edit under Block public access.

Now uncheck Block public access and save the changes.

This will prompt you to confirm that you really want to allow the bucket and all its items to be publicly accessible. Enter "confirm". This allows anyone to access the files in the bucket.
Now if you select any file in the bucket and go to Actions, you will observe that the Make public using ACL option is disabled. To enable it, we go to Permissions again and scroll to Edit Object Ownership.

Select ACLs enabled in order to enable object-level permissions. Acknowledge that ACLs will be restored and save the changes.
Go back to the object, select it and go to Actions. Make public using ACL is now enabled; click on it.

Now if we click on the Object URL, it no longer returns Access Denied and the file can be opened by anyone.
Points to Remember —
- Buckets are private by default: when you create an S3 bucket, it is private by default (including all objects within it). You have to allow public access on both the bucket and its objects in order to make the bucket public.
- Object ACLs: you can make individual objects public using object ACLs.
- Bucket policies: you can make entire buckets public using bucket policies.
- HTTP status code: when you upload an object to S3 and it succeeds, you receive an HTTP 200 code.
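To check the same settings from code rather than the console, here is an added Python example (not from the original post) that audits a bucket policy document for statements open to anyone and works out whether, given the four Block Public Access flags, a public policy or a public object ACL actually takes effect. The policy documents, the account id and role name, and the flag sets are constructed samples; the flag names are the ones the S3 PublicAccessBlockConfiguration uses.

```python
"""Audit S3 bucket settings for public exposure. Added example, not from the
original post; the policies, account id, role and flag sets are constructed."""

# Constructed sample: a typical "make the whole bucket public" bucket policy.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}
# Constructed sample: the same read access, scoped to one IAM role.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "RoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/reader"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}
# Block Public Access as the console creates it (all four flags on) and after
# the post's "uncheck Block public access" step (all four off).
BPA_DEFAULT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
BPA_DISABLED = {key: False for key in BPA_DEFAULT}

def _principals(principal):
    """Flatten Principal ('*', {'AWS': '*'} or {'AWS': [...]}) into a list."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend(value if isinstance(value, list) else [value])
    return out

def public_statements(policy):
    """Sids of Allow statements open to anyone ('*') with no Condition."""
    stmts = policy.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow" and not s.get("Condition")
            and "*" in _principals(s.get("Principal", {}))]

def is_publicly_readable(bpa, policy=None, object_acl_public=False):
    """True if a public policy or public object ACL takes effect under the given
    Block Public Access flags: RestrictPublicBuckets neutralises a public
    policy, IgnorePublicAcls neutralises public ACLs."""
    via_policy = (bool(policy and public_statements(policy))
                  and not bpa["RestrictPublicBuckets"])
    via_acl = object_acl_public and not bpa["IgnorePublicAcls"]
    return via_policy or via_acl
```

With the console defaults neither the public policy nor a public ACL is reachable; only after the block is lifted does either make the data public, which is exactly the two-step behaviour the walkthrough shows.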