On AWS, when we talk about company security, we talk about databases, applications, and sensitive files. For Databases we have RDS, for Application code we have CodeCommit, and for files we have S3. In this blog, we will cover S3 (Simple Storage Service), how to use it, use cases, best practices, and some real-life examples.
What is Amazon S3?
S3 is a proprietary AWS technology, which is used to store and retrieve files in a simple way (hence the name simple storage), but don't let the word "Simple" fool you. S3 is heavily secure and scalable just like any other AWS technology.
What makes S3 the go-to solution to store files?
I don't want to bore you, so let's keep it simple.
So now that you know some S3 benefits, let's dive into the fun!
Prepare your S3 environment
There are some terms you need to get familiar with first:
Bucket: Unique logical storage space for your S3 resources to be allocated
IAM permission: Is the permission for the AWS user to access S3 buckets (1 or more)
1.Go to your AWS account and look for S3
2. Once inside you will create your new Bucket to store all your files. Keep in mind these rules.
a. Bucket name should be unique; this means if another AWS account is already using that bucket name, you won't be able to create it.
b. Lowercase only. For demonstration purposes, we will use the name "clickits3demo".
c. You need to specify a region where your bucket will be serving the files, choose something close to reduce latency.
3. We’re not covering advanced features on properties, so you can skip that, hit next.
4.Review the Bucket permissions, by default the owner of the account, has full access to it and there is no public access. Leave it as it is for now.
Using AWS S3 from the Terminal
AWS can also be used from the terminal, this is very useful if you want to access your items from your instances without a Graphical User Interface. For that, we will need to install python, python-pip and awscli.
Here I’ll explain the steps for Ubuntu (Amazon AMI already has awscli installed)
$ sudo apt-get install python-pip $ sudo pip install awscli
After that, you’ll need to set your credentials for awscli to work. These credentials are the “AWS Access Key” and “AWS Secret Key”. These credentials were obtained when you created the user; if you don’t have them you can create new credentials by going to IAM > Users > your_username > Security Credentials > Create Access Key.
Once you have your credentials you will run this:
$ aws configure --profile s3access
- Keep in mind the profile name can be whatever you want
$ aws configure --profile s3access AWS Access Key ID [None]: AKIAI5MH37Hxxxxxx AWS Secret Access Key [None]: My$uP3rDup3rS3cr3tPa$$w0rd Default region name [None]: eu-west-1 Default output format [None]:
After this, you will be able to access your kitty images on S3 like this!
$ aws s3 ls s3://clickits3demo --profile s3access 2018-02-02 14:17:21 126750 cute-kitty.jpg
You can check the available commands for the cli by doing
$ aws s3 help
S3 is a super reliable storage service that can be used not just to save files, but also make your applications deliver them, that way you can have a centralized storage service without the need of actually managing one. That’s what makes S3 the go-to solution for most of the companies.
Simple, Scalable, but robust.