Using S3 Bucket Policies and Conditions to Restrict Specific Permissions

Creating an Amazon S3 Bucket

Lab Steps

Logging In to the Amazon Web Services Console

Creating a Bucket Policy in Amazon S3 with IP Address Conditions

Create a Bucket Policy in S3 with Encryption Conditions

Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.

Introduction

You can create an S3 bucket using the S3 management console. As with many other AWS services, you can also use the AWS API or CLI (command-line interface) as well. This lab uses the AWS console.

Instructions

1. In the AWS Management Console search bar, enter S3, and click the S3 result under Services:

alt

You will be placed in the S3 console.

2. From the S3 console, click Create bucket:

alt

3. Under General configuration, enter the following values:

Bucket name: Enter a unique name beginning with
- Add some random letters and numbers to make the bucket name unique
AWS Region: Ensure US West (Oregon) us-west-2 is selected

alt

Amazon S3 Bucket names must be globally unique and DNS compliant. To read more about limitations on bucket names, visit the AWS documentation.

4. Make sure to select ACLs Enabled

5. Leave the Block public access (bucket settings) at the default values:

alt

No changes are needed. This is where you can set more granular permissions tied to your S3 objects. This includes setting permissions at the user and group level.

6. To finish creating your bucket, scroll to the bottom, and click on Create bucket.

If you see an error about the bucket name, add some random letters and numbers to the end of your bucket name.

Summary

In this lab step, you created an Amazon S3 bucket.

Validation checks

1Checks

Created an Amazon S3 Bucket

Check if the Amazon S3 bucket has been created

Amazon S3