Skip to content
hands-on lab

Building a Serverless Versioning Solution for Amazon S3 Bucket Policies

Beginner
Up to 1h
53
Start lab
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Amazon S3 bucket policies are used to secure access to objects within an S3 bucket. These bucket policies are put in place to only allow bucket access to users with appropriate permissions. As a project or team grows, these policies may require updates to the permissions, which means updating the S3 bucket policy.

Versioning allows teams to maintain a history of changes made to S3 bucket policies, with the added benefit of being able to restore previous policy versions if the need arises.

In this lab, you will create a backup and restore solution for Amazon S3 bucket policies. You will build a serverless architecture that utilizes Amazon EventBridge, Amazon DynamoDB, and AWS Lambda to register and restore S3 bucket policies whenever a new version is created.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Create an Amazon EventBridge rule to target an Amazon S3 management event
  • Define an AWS Lambda function that registers S3 bucket policies in DynamoDB
  • Define an AWS Lambda function that restores S3 bucket policy versions from DynamoDB

Intended audiences

  • Candidates for AWS Certified Developer - Associate Certification
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Amazon EventBridge
  • Amazon Simple Storage Service (S3)
  • AWS Lambda
  • Amazon DynamoDB

The following content can be used to fulfill the prerequisites:

 

Updates

April 5th, 2024 - Updated the instructions and screenshots to reflect the latest UI

December 7th, 2023 - Updated DynamoDB configuration

 

Environment before
Environment after
About the author
Avatar
Jun Fritz, opens in a new tab
Cloud Labs Developer
Students
39,492
Labs
106
Courses
1
Learning paths
6

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics
NoSQL
Messaging
Serverless
Development
Storage
Monitoring
Databases
Compute
Amazon Web Services
Development for AWS
Compute for AWS
Storage for AWS
Monitoring for AWS
Databases for AWS
Amazon EventBridge
AWS Lambda
Amazon DynamoDB
Amazon S3
Lab steps
Logging In to the Amazon Web Services Console
Targeting an S3 event using an Amazon EventBridge rule
Registering bucket policies with AWS Lambda
Triggering a Lambda function with an S3 event
Restoring bucket policies with AWS Lambda