From the course: Amazon Web Services: Data Services

Explore AWS S3 - Amazon Web Services (AWS) Tutorial

Explore AWS S3

- We're going to start with S3. S3 is deceptively simple. It is a place that Amazon will store your files. So I'm going to go through the two levels. First, just going to click on the blue Create Bucket. And I'm going to call this demo two, demo langit. This has to be a unique name. I'm going to set a starter region for the information, and notice you can set the various regions. Now that information, the files that you put here, are going to be replicated many, many times. But this is the first location they're going to go to. And I'm going to click Create. And now I'm going to search for this. And I'm going to see that objects can be made public, it's in East and I have no folder. So I'm going to create a folder, I'm going to call it Input. Notice there's no encryption, and I'm going to click Save. Now I'm going to go into that folder, and I'm going to upload a file, and I'm just going to take a CSV file from my examples from GitHub. And I'm just going to click Upload.

Now, this is the way many people start with S3. And it's okay, it will get your file up there. And you can see, here's the file information. But there are several problems with this approach for anything other than either just quick testing, or, you know, training for familiarity. And these problems get into production.

So I want to dig a little bit deeper, and I want to go ahead and look at this bucket that we made. So if we go back to this bucket, we can see that there are five tabs here. And the first thing that we're going to look at are the properties. Now we skipped through when we created the bucket; there were actually four steps to the UI. And I would highly recommend that when you create a bucket you actually go through the steps, because it'll give you these various options such as turning on Versioning. Now you might say, well, this just seems like it should be turned on. Why would this even be an option? And the reason for this (I'm going to go ahead and turn it on now, and you can see it's enabled) is that it adds cost. Now, for many of us, when we first start working with S3, we don't have a lot of files up there. There are some exceptions. And it kind of grows over time. So I find with customers, they just go with the defaults. And what happens is, first of all, they're not using the service as it's fully capable, and getting the best value for their business. And second, sometimes that just runs into some problems and challenges. Now, in the case of versioning, because it's turned off, if you assume that it's turned on, that's an obvious problem.

You can see in here we have the ability to set up more advanced logging. And this will sometimes cause challenges for customers too, because they'll have some sort of compliance requirement around these files because it's their data. And although there's basic CloudWatch monitoring, their expectation is they want to have more advanced logging. Why this is not turned on is because it adds overhead and it costs money. In this case, if you want object-level access logging, because you needed it, like who looked at the file basically, you would turn on a service called CloudTrail, you'd have to create a trail, and then you would say which events. This is really powerful. Again, moving beyond thinking of S3 as just a replacement for a file server is really a starting point.

Now, understanding these properties is important. But the most important thing is the permissions. There have been a lot of embarrassing incidents where S3 bucket settings were configured to public. This should really only occur for demo scenarios. And Amazon has been changing the interface and changing the defaults. In fact, this is relatively recent. They are blocking all public access by default. And if you want to change that, then they're going to give you a bunch of warnings. They're going to say, "Do you really want to do this?" You have to confirm it. And if I confirm that this is going to be public (this is all relatively new), then, when I go out to the console, you can see it shows me objects can be public.

Now in addition to this, when you're moving to production, you're going to want to set your access control list. And this is through an IAM policy and your bucket policy. And if you're accessing files from an application, then you're going to set Cross-Origin Resource Sharing, or CORS. So setting up the security, I find, unfortunately, is often done wrong. I've actually made separate courses in the library on AWS security all around IAM rules and policies, and I recommend you take a look when you move to production.

In terms of management, you can add lifecycle rules, and we'll get into that when we look at the different storage classes in a subsequent movie. And then a new capability is access points. And the idea here is providing access through VPCs on the Amazon cloud. So again it has to do with security. So really super important when you are making a bucket.

So we'll go back into the Create bucket, and we'll call this demo three. It has to be a unique name, that's why I'm adding my name here. Instead of clicking Create, I recommend that you start by going through all these options and reading them, and making sure you understand whether they're necessary when you move to production. I'm going to go with the defaults on this one. And you can see under permissions, again, has this block permission, turns it off, you really have to have a good business reason for doing this. And then at the end you get the review of everything. So at the very minimum if you start with that, that's a good way to start with working with S3.
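
The settings walked through in the transcript above (Block Public Access, versioning, logging, ACLs and the bucket policy) can be reviewed offline once a bucket's configuration has been exported. The following is an added example, not part of the course material: the `cfg` dictionary layout and the `DEMO` values are constructed for illustration, while the inner field names follow the S3 API responses.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 "everyone" group
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def public_statements(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        p = st.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict)
                                and "*" in _as_list(p.get("AWS", [])))
        if st.get("Effect") == "Allow" and wildcard and not st.get("Condition"):
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits

def audit_bucket(cfg):
    """cfg: one bucket's exported settings (layout assumed by this example)."""
    findings = []
    bpa = cfg.get("PublicAccessBlock", {})
    off = [f for f in BPA_FLAGS if not bpa.get(f)]
    if off:
        findings.append("block-public-access disabled: " + ", ".join(off))
    if cfg.get("Versioning", {}).get("Status") != "Enabled":
        findings.append("versioning not enabled")
    if "LoggingEnabled" not in cfg.get("Logging", {}):
        findings.append("server access logging not enabled")
    for g in cfg.get("Acl", {}).get("Grants", []):
        if g.get("Grantee", {}).get("URI") == ALL_USERS:
            findings.append("ACL grants " + g["Permission"] + " to AllUsers")
    for sid in public_statements(json.loads(cfg.get("Policy", "{}"))):
        findings.append("bucket policy allows any principal: " + sid)
    return findings

# Constructed sample: a bucket made public and left on the other defaults.
DEMO = {
    "PublicAccessBlock": {f: False for f in BPA_FLAGS},
    "Versioning": {}, "Logging": {},
    "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                        "Permission": "READ"}]},
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}),
}

if __name__ == "__main__":
    for finding in audit_bucket(DEMO):
        print("FINDING:", finding)
```

A wildcard principal that carries a `Condition` is deliberately not reported here, because the condition may restrict access; such statements still deserve a manual read.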
