Uly.me

cloud engineer

  • Home
  • About
  • Archives
Home/Archives for bucket

May 13, 2019

AWS Glacier Setup via S3

You can setup AWS Glacier via S3 bucket replication. Create a S3 bucket and slap this bucket policy.

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::your-bucket-storage-name/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "10.0.0.0/8"
                }
            }
        },
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::your-bucket-storage-name/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::your-bucket-storage-name/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

{ "Version": "2012-10-17", "Id": "S3PolicyId1", "Statement": [ { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::your-bucket-storage-name/*", "Condition": { "IpAddress": { "aws:SourceIp": "10.0.0.0/8" } } }, { "Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-storage-name/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-storage-name/*", "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] }

Add this policy to your IAM user or role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::cah-callcopy-storage/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:List*",
                "s3:Get*"
            ],
            "Resource": "arn:aws:s3:::*"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::cah-callcopy-storage/*" }, { "Effect": "Allow", "Action": [ "s3:List*", "s3:Get*" ], "Resource": "arn:aws:s3:::*" } ] }

Finally, add a lifecycle policy to move your files from Standard to Glacier storage type.

December 9, 2018

AWS CLI Create Bucket

Creating a bucket via the AWS Console takes only a few clicks. If you’re creating a bucket via shell script, you will need to use the AWS CLI (command line interface). So, here’s the script to create a S3 bucket via the AWS CLI within shell. Now the bucket name has to be globally unique similar to a domain name. If someone already has claimed it, you will need to use an alternative name.

aws s3api create-bucket --bucket bucket-name --region us-east-2 create-bucket-configuration LocationConstraint=us-east-2

aws s3api create-bucket --bucket bucket-name --region us-east-2 create-bucket-configuration LocationConstraint=us-east-2

  • « Previous Page
  • 1
  • 2
  • Cloud
  • Linux
  • Git

Copyright © 2012–2021