Friday , May 24 2019

Build Your Own LAB – AWS S3 Bucket & Versioning

In this article we will do LAB on AWS S3 Bucket & its Versioning. We will run through on how to create a S3 bucket and understand its permission so that we can delegate the right users to access what bucket they should access.

Also we will run through the feature called “Versioning” a powerful way in which you can protect the modification or deletion of the file. Versioning basically stores all versions of an object and consider it as one of the great backup tool. We will also go through the restoration process which is quite easy.

Go to the services dashboard and select S3 storage service

image

You will notice while creating a bucket it also asks for the region, I have selected my nearest region as Mumbai

image

You cannot use the name which is already been used as discussed in our previous article the bucket namespace is global and it must be unique. It seems mumbucket is already been created so let’s create bucket name called mumbucket1

image

If you notice mumbucket1 is created

image

Click on mumbucket1, on the right pane you will notice its attribute and values associated

image

As you see below storage management features are now available in new console, let’s click on Opt-In to do our further Lab step in new console

image

Below is the Amazon S3 new console look

image

After clicking on the mumbucket1, the features associated to the object will be displayed as mentioned below

image

Clicking on permission option shows who has access to the bucket and what kind of permission is assigned. Below is the default root permission which is applied when the bucket was created. You can add other AWS users or assign permission to everyone whom you want to allow access from internet.

image

Let us upload file and then assign permissions

image

Here is my file from the desktop called test.txt to upload

image

You can assign the permission here as who can access what, the root account that is Charles*** has permission by default and while uploading we can assign other users permissions too. The file will not be accessible from internet as it is private by default. Notice there are two types of permission and below is explanation.

· Object Permission – When you select read or write option the users has access not to read the document but to modify or delete.

· Object Permission – when you assign read or write the user will be able to view who all users have the permission to that particular object and can modify that permission too.

Let’s leave the default and click on next to continue

image

We have gone through the previous article on the storage class and their features for this particular lab we will leave default option and click on next to continue

image

Review the settings and click on upload

image

The file is uploaded in the bucket as mumbucket1

image

Click on the file test.txt and you will notice the link to access the file but when you try to access it throws access denied error because we had not assigned any permission to access from internet.

image

image

You can select option make public so that the file is accessible from internet

image

Now you see the permission is updated and AllUsers is updated with permission is set to read on Object access

image

Now when you open the test.txt file link again you will notice it is opening without any access denied error.

image

image

So far we have created a bucket called mumbucket1 and uploaded a test.txt file, let’s enable versioning on bucket and the file containing inside the bucket will have multiple version when changes are made to it. To enable the versioning all we have to do is under properties of the bucket enable the versioning radio button.

image

One thing you must be aware that once you enable the versioning you cannot disable it except suspend that means will going forward not keep multiple version of file once the versioning is suspended but which was already had different versions of file will be kept as it is. If you want to delete it, the process is to manually select the appropriate version which you want to delete.

image

Versioning is now enabled

image

Notice on top there is a tab called latest version, you can drop down for multiple version of a file.

image

Let us now download the test.txt file, modify the content and upload it

image

I have updated the file with next line – “updating the downloaded file”. Notice the file name must not be changed or you should not replace it with same name file.

image

Let’s set the file permission so that it can be accessible from the internet and upload it.

image

Now when you see the file properties and drop down the latest version tab you will notice there are two files. Remember it will double the size of the size in your S3 storage and you might want to consider before enabling versioning feature.

image

Now when you try to access the test.txt file link, notice the updated content inside the text file.

image

You can also select the respective versions and delete unwanted and let’s say we delete the latest version

image

The test.txt will be showing the original file as mentioned below.

image

Now let’s delete the test.txt file and try to restore it. Select the test.txt file and under more option select the delete option and the file will be deleted.

image

File is deleted now. I was going through the AWS technical documentation but was unable to find a guide on how to restore object from a new portal. For this lab we will be going back to old console of S3 storage service.

image

Now when you are on the old console select the bucket mumbucket1

image

You will notice versions: Hide / Show

image

Those files now which are deleted are actually marked as deleted not hard deleted. All we have to do is click on show and select the file which has a remark (delete marker) and through the action drop down select delete to move it from Show to Hide tab.

image

image

You will notice now the test.txt file has been restored successfully.

image

So far what we have learned:

· Creating a S3 bucket and checking its permission – very critical

· Securing S3 bucket using permission

· Enabling versioning on a bucket and checking multiple version of files

· Deleting and restoring file from the S3 bucket.

About Charles Derber

Charles Derber is an IT Consultant, Volunteer & Speaker. He is Passionate about IT Technology & has an experience for a Decade in this Industry. His expertise is consulting on IT Infrastructure & Cloud, helping customers all over the world to plan, design & implement.

Check Also

Planning your Network on AWS Infrastructure (Virtual Private Cloud) – Part 1

I cannot stress how important is to plan you’re networking which is one of the ...

Leave a Reply

Your email address will not be published.