CloudAcademy

Using S3 Bucket Policies and Conditions to Restrict Specific Permissions

The hands-on lab is part of these learning paths

Security - Specialty Certification Preparation for AWS

course-steps 21 certification 1 lab-steps 11

Scenario: Migrating From an End-of-Life Data Center to AWS

course-steps 6 certification 1 lab-steps 8 quiz-steps 2

SysOps Administrator – Associate Certification Preparation for AWS

course-steps 6 certification 1 lab-steps 18 quiz-steps 7

Lab Steps

keyboard_tab
lock
Logging in to the Amazon Web Services Console
lock
Create an S3 bucket
lock
Create a Bucket Policy in S3 with IP Address Conditions
lock
Create a Bucket Policy in S3 with Encryption Conditions

Ready for the real environment experience?

DifficultyBeginner
Duration1h
Students1118

Description

Create and Apply S3 Bucket Policies with Conditions to Restrict Specific Bucket Permissions

Being able to restrict and grant access to specific S3 resources is fundamental when implementing your security procedures. There are various methods that can be used to achieve this, one of which is to implement bucket policies. Bucket policies are applied directly to a bucket within S3 itself and apply to that bucket only.  

To make your bucket policy even more effective, you can apply specific conditions as to when the effects of that Policy should apply. There are a many conditions you can base your bucket policy upon, and the AWS documentation provides greater insight into these here.

This Lab will guide you through the bucket policy creation process with the use of the AWS Policy Generator

You will create and test two different bucket policies:

1. Configure a bucket policy that will restrict what a user can do within an S3 bucket based upon their IP address

2. Configure a bucket policy to only allow the upload of objects to a bucket when server side encryption has been configured for the object

 

Do you have questions about this Lab? Contact our cloud experts by sending an email to support@cloudacademy.com.

About the Author

Students34012
Labs1
Courses38
Learning paths13

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to more recently cloud architecture and implementation.

He is a Certified Data Centre Design Professional (CDCDP), with his latest achievements gained within the Amazon Web Services (AWS) field.

He currently holds the AWS Certified Solutions Architect - Associate certification as well as accreditations as an AWS Business and Technology Professional and in TCO and Cloud Economics.

In January 2016 Stuart was awarded 'Expert of the Year Award 2015' from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.