Day 46 of 100 Days: Securing Sensitive Data and Hosting Static Websites with Amazon S3

Today, we’ll explore two critical use cases for Amazon S3: restricting access to sensitive data using bucket policies and hosting a static website. This hands-on guide will demonstrate how to implement these concepts step-by-step.


Scenario 1: Restricting Access to Sensitive Data

As a DevOps Engineer, you might need to store sensitive information in an S3 bucket and ensure that even users with broader S3 access can't access this specific bucket. Here's how to secure your bucket:

Step 1: Create an IAM User

  1. Navigate to the IAM Console.

  2. Create a user named demo-s3-bucket-user.

    • Assign console access with a custom password.
  3. Do not attach any permissions initially to demonstrate default behavior.

Step 2: Test Default Access

  1. Open an incognito window and log in with the new IAM user credentials.

  2. Navigate to S3 in the AWS Console.

  3. Notice that the user cannot list or access any S3 buckets (expected behavior).

Step 3: Grant S3 Permissions

  1. In the IAM Console, attach the AmazonS3FullAccess policy to the IAM user.

  2. Refresh the S3 Console for the IAM user.

  3. The user can now list all buckets and access files within them.

Step 4: Restrict Access with Bucket Policies

  1. Go to the S3 Console and select your bucket.

  2. Navigate to the Bucket Permissions tab and locate the Bucket Policy section.

  3. Click Edit and use the AWS Policy Generator to create a policy. Here's an example:

  4. Save the policy.

Step 5: Verify Restrictions

  1. Switch back to the IAM user.

  2. Attempt to access the bucket or download files.

  3. The user will now see an "Insufficient Permissions" error, even though they have S3 full access.


Scenario 2: Hosting a Static Website on S3

S3 provides a cost-effective way to host static websites.

Step 1: Prepare Your Website Files

  1. Create or download a simple This_is_Munilakshmi.html file. (You can use W3Schools for sample templates.)

Step 2: Upload Files to S3

  1. Create a new S3 bucket.

  2. Upload the This_is_Munilakshmi.html file to the bucket.

Step 3: Enable Static Website Hosting

  1. Go to the Properties tab of the bucket.

  2. Scroll to Static Website Hosting and enable it.

  3. Specify This_is_Munilakshmi.html as the Index Document.

  4. Save changes.

Step 4: Set Permissions for Public Access

  1. Allow public access to the files:

    • Go to the Permissions tab of your S3 bucket.

    • Under Block public access (bucket settings), click Edit.

    • Uncheck Block all public access to allow anyone to access your website files.

    • Confirm the changes by clicking Save.

  2. Configure a bucket policy to allow public access:

    • In the Permissions tab, click on Bucket Policy.

    • Paste the following JSON policy to allow public read access to all objects in the bucket:

    • Click Save changes to apply the policy.

Step 5: Access the Website

  1. Copy the Bucket Endpoint provided in the Static Website Hosting section.

  2. Open the URL in a browser to see your static website live.
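
The two bucket policies these scenarios rely on, as an added example that is not the author's own code: a Deny-everyone-except-one-principal policy for Scenario 1 and a public-read policy for Scenario 2, plus a simplified evaluator showing why the explicit Deny wins over AmazonS3FullAccess. The bucket name, account ID, owner ARN and the evaluator are constructed for illustration; the evaluator models only the Deny-overrides-Allow rule, not full IAM policy evaluation.

```python
import fnmatch
import json

# Constructed placeholders: substitute your own bucket and principal ARNs.
BUCKET = "example-sensitive-bucket"
OWNER_ARN = "arn:aws:iam::111122223333:user/bucket-owner"
DEMO_ARN = "arn:aws:iam::111122223333:user/demo-s3-bucket-user"

def deny_all_except(bucket, allowed_arn):
    """Scenario 1: explicit Deny for every principal except allowed_arn."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyEveryoneExceptOwner",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"StringNotEquals": {"aws:PrincipalArn": allowed_arn}},
    }]}

def public_read(bucket):
    """Scenario 2: anyone may read objects; no listing, no writes."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
    }]}

def _matches(stmt, principal, action, resource):
    res = stmt["Resource"]
    patterns = res if isinstance(res, list) else [res]
    exempt = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:PrincipalArn")
    return (fnmatch.fnmatchcase(action, stmt["Action"])
            and any(fnmatch.fnmatchcase(resource, p) for p in patterns)
            and principal != exempt)  # the exempt ARN never matches the statement

def is_allowed(policy, principal, action, resource, identity_allows=False):
    """Simplified model (assumption): a matching Deny overrides any Allow,
    including one from an identity policy such as AmazonS3FullAccess."""
    effects = [s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource)]
    if "Deny" in effects:
        return False
    return identity_allows or "Allow" in effects

if __name__ == "__main__":
    print(json.dumps(deny_all_except(BUCKET, OWNER_ARN), indent=2))
    print(json.dumps(public_read(BUCKET), indent=2))
```

Double-check the allowed ARN before saving the Scenario 1 policy: the Deny applies to every principal whose ARN does not match it exactly, administrators included. The Scenario 2 statement exposes every object in the bucket to anonymous reads, so keep that bucket limited to the site's files.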


Hands-On Exercise

  1. Secure Your Bucket: Use the provided JSON policy to block access to your bucket for all users except yourself. Test it with multiple IAM users.

  2. Host a Website: Create a simple static website using HTML, upload it to S3, and enable hosting.


Key Learnings

  • Bucket Policies are essential for controlling access to sensitive data.

  • Hosting static websites on S3 is a cost-effective solution for simple web applications.

Conclusion
We’ve explored how to effectively host static websites using Amazon S3. By understanding bucket policies, configuring static hosting, and testing deployment, you now have the foundational knowledge to host your own static websites on AWS. With the scalable and cost-effective features of S3, you can ensure reliable website delivery to users worldwide.

Keep experimenting, keep building, and let your curiosity guide you toward mastering AWS. Happy learning! 🚀