Lesson 2 of 22
In Progress

[LAB] Creating Buckets and Uploading Objects – AWS Console

Ayush June 5, 2024

🧪Hands-On Lab
Help/Info

Welcome! In this lab and course, we’ll delve into the fundamentals of Amazon Web Services (AWS) Simple Storage Service (S3) buckets and objects, with a focus on security.

In this specific lab, we’ll cover creating an S3 bucket and uploading objects to it via the AWS console. In the next lab, we’ll retrace our steps but this time using the AWS CLI to make programmatic calls for times when you don’t have access to the console, or need to automate actions.

Let’s dive right into the practical aspects!

Log into the AWS console

First, after the lab launches, let’s login into the AWS Console using the provided credentials.

Once logged in, navigate to the S3 service page.

Create a new bucket

Click on “Create Bucket” to initiate the creation of our first S3 bucket.

For this demonstration, let’s create a “General Purpose” bucket. Next, we need to select a unique name for our bucket.

Note: S3 bucket names must be globally unique across all of AWS, so choose a name that hasn’t been used before or it won’t work!

Object Ownership

By default, S3 buckets are private, and full control over objects is provided to the owner of the bucket.

If you need to create a public bucket, you must explicitly configure it as such. This is part of the “Secure by Default” approach, aiming to prevent data breaches stemming from public S3 buckets.

Unless you have a very good reason to make a bucket public, leave the default as is. Also, as a best practice, whenever you need to make a bucket public, ensure you only ever upload public data to those buckets. Private data should go into a completely different private bucket, and ideally also in a completely separate AWS account.

For this lab, let’s keep the default setting for “Object Ownership” to ACLs disabled (recommended) with Bucket owner enforced.

We also want to keep the default of Block all public access.

Versioning and tags

We don’t need to enable bucket versioning for this lab, we will dive deep into Bucket Versioning in another lab.

Adding tags are optional but recommended practices. Tags can be useful for various purposes, including security and resource management.

Encryption

For “Default Encryption” you will want to leave the default of Server-side encryption with Amazon S3 managed keys (SSE-S3). Selecting any other option will cause creation to fail in this lab environment. For more information about S3 encryption, please refer to our KMS content.

Select Disable under “Bucket Key.”

Advanced Settings

There’s an “Advanced Settings” tab that you can expand, and in there, you’ll see an option to enable Object Lock which helps prevent objects from being deleted or overwritten. This feature requires enabling versioning.

Keep this set to Disable for this lab, or the bucket will fail to create.

Create Bucket

Scroll to the bottom of the page and click on the “Create bucket” button.

You may see an error message that says something like Insufficient permissions to apply Default Encryption but this error can be ignored for this lab environment.

You should still see that your bucket has been successfully created.

Uploading Objects to the Bucket

Now, let’s upload an object to our bucket. Click on the bucket name and then on the “Upload” button.

Select the file you wish to upload and click on the “Upload” button at the bottom of the page.

Confirm that the file was successfully uploaded to the bucket.

Close the upload window (by clicking on the Close button in the top right) and verify that your file appears in the bucket.

Congrats! You just uploaded your first object using the AWS Console.

You can now click on this object to view its Properties, Permissions, and Versions (if versioning was enabled)

Under Properties, you will see:

  • The owner of the object
  • The AWS region where the object is stored
  • Last modified
  • Size, type, and object key (name)
  • S3 URI
  • Amazon Resource Name (ARN) which is its unique identifier across all of AWS
  • Etag which is a hash of the object
  • Object URL

And other information further on the page.

Accessing the S3 object

You’ll notice that if you try to open this object by clicking on its Object URL, you will see this page:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>NQN73679REEC2BR7</RequestId>
<HostId>cjk/UUfGuOJy6UGc1gATiQKqqiU7tjutAnP1a5EOpP2Yw8iKVxbtIL91V1q7UXM4HegxjIP1F6k=</HostId>
</Error>
Code language: HTML, XML (xml)

This is by design for security. Instead, if you want to download the file, you would have to click on the Downbload button, or you can click on the Object actions dropdown and then Share with a presigned URL. We cover that in this lesson, if you want to learn how it works.

Conclusion

Congrats! You’ve:

  • Created your first S3 bucket
  • Uploaded your first object to S3
  • Learned how to view information about objects
  • Learned how to download S3 objects

You may now complete this lab.

Responses

Your email address will not be published. Required fields are marked *