This exercise is designed to give you hands-on experience with managing AWS S3 buckets through both the AWS Management Console and Terraform. It will cover creating and deleting buckets manually, uploading files, and then automating these processes with Terraform, including enabling encryption.
- Log in to the AWS Management Console with your credentials.
- Navigate to the S3 service page.
- Click on Create bucket.
- For the bucket name, use a unique name that can be easily identified as yours (e.g., your AWS credentials or a variation of your name).
- Select the `eu-west-1` region for the bucket.
- Leave the default settings, and click Create at the bottom of the page.
- After creating your bucket, click on its name to open it, or press "View details" in the green confirmation bar at the top of the screen.
- Click on Upload.
- Click on Add files, and select a file from your computer to upload.
- After adding the file, click on Upload at the bottom of the page.
- Navigate back to the main S3 page where all buckets are listed.
- Select the bucket you created by clicking the checkbox next to its name.
- Click on Delete.
- Take note of the warning "This bucket is not empty", and click "Empty bucket".
- You will be asked to confirm the bucket deletion by entering its name or "permanently delete". Do so, then click Confirm.
- You will do this part in your Cloud9 environment. From the AWS menu, find the "Services" icon, and find Cloud9.
- You will see an environment with your seat number on it. Click the "Open" link.
Spend a few moments familiarising yourself with Cloud9, a capable web-based IDE.
Unfortunately, Cloud9 no longer comes with Terraform installed, so we have to install it:
```bash
wget https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_linux_amd64.zip
unzip terraform_1.6.4_linux_amd64.zip
sudo mv terraform /usr/local/bin/
```
Instead of creating a bucket manually, we'll now see how we can do the same from Terraform.
Create a new Terraform file (`s3_bucket.tf`) in your Cloud9 editor with the following content:
```hcl
provider "aws" {
  region = "eu-west-1"
}

resource "aws_s3_bucket" "my_bucket" {
  bucket = "your-unique-bucket-name"
}
```
- Go to the terminal window on the bottom of the Cloud9 environment.
- Run `terraform init` to initialize the Terraform workspace.
- Run `terraform plan` to see the actions Terraform will take based on your configuration.
- Run `terraform apply` and type `yes` when prompted to create the bucket.
- Run `terraform plan` again, and see that there is no change.
- To navigate to the AWS Management Console from Cloud 9, press the Cloud9 Icon in the upper left corner and press "Go to your Dashboard"
- Manually upload a file to the bucket through the AWS Management Console, as described in Part 1, Step 2.
In AWS, all resources can have tags: key-value pairs that make it easier to find and categorise resources.
- Modify the `s3_bucket.tf` file to tag the bucket by adding the following block inside the `aws_s3_bucket` resource:
```hcl
  tags = {
    Environment = "Dev"
  }
```
You can also add this resource to get automatic deletion and transitions to colder storage over time:
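```hcl
resource "aws_s3_bucket_lifecycle_configuration" "my_bucket_lifecycle" {
  bucket = aws_s3_bucket.my_bucket.id

  rule {
    id     = "my-lifecycle-rule"
    status = "Enabled"

    # Empty filter: the rule applies to every object in the bucket.
    filter {}

    # Move current objects to Infrequent Access after 30 days.
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }

    # Delete current objects after one year.
    expiration {
      days = 365
    }

    # The noncurrent_* blocks only take effect when bucket versioning is enabled.
    noncurrent_version_transition {
      noncurrent_days = 30
      storage_class   = "STANDARD_IA"
    }

    noncurrent_version_expiration {
      noncurrent_days = 365
    }
  }
}
```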
- Run `terraform plan` and `terraform apply` to add the tags.
Observe that during the plan phase, Terraform will output the changes needed to reach the desired state. The ~ sign means that a resource will change, a -/+ or +/- means that a resource will be replaced, a - means that a resource will be removed, and a + means that a resource will be created.
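The introduction mentions enabling encryption, so here is one way to do it in `s3_bucket.tf` alongside the bucket above (an added example, not part of the original exercise). The resource names `my_bucket_key`, `my_bucket_sse`, `my_bucket_pab` and `my_bucket_tls` are assumptions, as is the lab account being allowed to create KMS keys; without that permission, set `sse_algorithm = "AES256"` and drop the key.

```hcl
# Added example: resource names ending in _key, _sse, _pab and _tls are assumptions.

# Customer-managed KMS key used to encrypt objects in the bucket.
resource "aws_kms_key" "my_bucket_key" {
  description             = "Key for my_bucket objects"
  enable_key_rotation     = true
  deletion_window_in_days = 7
}

# Default encryption: new objects are encrypted with the KMS key above.
resource "aws_s3_bucket_server_side_encryption_configuration" "my_bucket_sse" {
  bucket = aws_s3_bucket.my_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.my_bucket_key.arn
    }
    bucket_key_enabled = true # fewer KMS requests per object
  }
}

# Keep the bucket private regardless of ACLs or policies added later.
resource "aws_s3_bucket_public_access_block" "my_bucket_pab" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Reject any request that does not use TLS.
resource "aws_s3_bucket_policy" "my_bucket_tls" {
  bucket = aws_s3_bucket.my_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.my_bucket.arn, "${aws_s3_bucket.my_bucket.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
  depends_on = [aws_s3_bucket_public_access_block.my_bucket_pab]
}
```

After `terraform apply`, the default encryption setting is visible on the bucket's Properties tab in the console.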
- Use the AWS CLI to empty the bucket:

```bash
aws s3 rm s3://your-unique-bucket-name --recursive
```

- Run `terraform destroy` to remove the bucket and all its configurations.