2. Introduction
• AWS (Amazon Web Services) offers a wide range of
services for networking, storage, databases,
deployment & management, mail & messaging, etc.
• These services are highly scalable, efficient, secure,
reliable, flexible and cost-effective.
• Some of the services are:
– Amazon S3 (Simple Storage Service)
– Amazon SimpleDB
– Amazon Elastic Beanstalk
– Amazon Route 53
– …
3. Amazon S3
• Amazon S3 (Simple Storage Service) is storage for
the Internet.
• It provides a simple web services interface that can be
used to store and retrieve any amount of data, at
any time, from anywhere on the web.
• It needs no storage server of your own, and it offers
high scalability, reliability and security while being
fast and inexpensive.
4. Data Security
• S3 provides security mechanisms at all levels, in the
form of IAM policies, ACLs, bucket policies, and query
string authentication.
• IAM lets an organization with multiple employees
create and manage users and their access to bucket
contents.
• ACLs grant selective access to resources.
• Bucket policies can be used to allow or deny
permissions on some of the contents or on the whole
bucket.
• Query string authentication produces secure HTTPS URLs
that grant access for a limited period of time.
5. Terminology
• There are various terms used in S3 which must be
understood in order to use S3 effectively.
• Some of those terms are –
– Bucket and Objects
– ACLs
– Permission, Statement and Policy
– Principal, Action and Resource
– …
6. Basic Steps
• The basic steps for using Amazon S3 are –
– Sign Up for Amazon S3
– Create a bucket
– Add an Object to a Bucket
– View an Object
– Move an Object
– Delete an Object and a Bucket
7. Bucket and Objects
• A bucket is a container for objects stored in Amazon
S3.
• An object is the fundamental entity stored in Amazon
S3.
• Objects in a bucket can be given version IDs;
versioning is disabled by default.
• Every object consists of –
– Data
– Key
– Metadata
– Version ID
8. Bucket and Objects (cont…)
• A key is the name assigned to an object when it is
uploaded. To download an object, we use its key.
• A version ID, generated when an object is uploaded,
uniquely identifies that object.
• Metadata is a set of name-value pairs in which you
can store information about the object, e.g.:
– Content length
– Content type
– Content encoding
– Expires
9. Access Control
• Access to resources is controlled at every level by
mechanisms that are either resource-based or
user-based.
• For this, we can use IAM policies, ACLs and bucket
policies, alone or together.
• We can also use URLs that are generated to grant
access to resources for a given time and user.
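The time-limited URLs that slides 4 and 9 call query string authentication work by signing the bucket, key and an expiry time with the owner's secret key; the service recomputes the signature and rejects the request if anything was altered or the time has passed. The following is an added example, not code from the original deck or from AWS: it models the legacy S3 Signature Version 2 query-string scheme (AWSAccessKeyId, Expires and a Base64 HMAC-SHA1 Signature), uses the AWS documentation placeholder credentials, and verify_get is a hypothetical server-side check written to show what S3 verifies. Current S3 endpoints use Signature Version 4, whose canonicalization is more involved, but the expiry and tamper checks are the same idea.

```python
"""Time-limited signed URLs (added example of S3 query string authentication)."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, unquote, urlencode, urlparse

# AWS documentation placeholder credentials, not real keys. Assumption: the
# issuer and the verifying service share this secret, as the bucket owner and S3 do.
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def string_to_sign(method, bucket, key, expires):
    """Legacy S3 Signature Version 2 layout for a query-string-authenticated
    request with no Content-MD5, Content-Type or x-amz-* headers:
    Verb, blank, blank, Expires, then the canonical resource /bucket/key."""
    return f"{method}\n\n\n{expires}\n/{bucket}/{key}"


def sign(secret, text):
    """Base64(HMAC-SHA1(secret, text)), as the V2 scheme specifies."""
    digest = hmac.new(secret.encode(), text.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def presign_get(bucket, key, ttl_seconds, now=None):
    """Issuer side: build a GET URL that is valid for ttl_seconds from now."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    signature = sign(SECRET_ACCESS_KEY, string_to_sign("GET", bucket, key, expires))
    query = urlencode({"AWSAccessKeyId": ACCESS_KEY_ID,
                       "Expires": expires,
                       "Signature": signature})
    return f"https://{bucket}.s3.amazonaws.com/{quote(key)}?{query}"


def verify_get(url, now=None):
    """Hypothetical server-side check: recompute the signature from the URL's
    own bucket, key and Expires, compare it in constant time, then check the
    expiry. Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    parts = urlparse(url)
    bucket = parts.hostname.split(".")[0]
    key = unquote(parts.path.lstrip("/"))
    params = parse_qs(parts.query)
    try:
        access_key = params["AWSAccessKeyId"][0]
        expires = int(params["Expires"][0])
        signature = params["Signature"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed auth parameters"
    if access_key != ACCESS_KEY_ID:
        return False, "unknown access key"
    expected = sign(SECRET_ACCESS_KEY, string_to_sign("GET", bucket, key, expires))
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"   # bucket, key or Expires was altered
    if now > expires:
        return False, "URL expired"
    return True, "ok"


if __name__ == "__main__":
    issued_at = 1_700_000_000
    url = presign_get("example-bucket", "reports/q1.pdf", 600, now=issued_at)
    print(url)
    print(verify_get(url, now=issued_at + 60))     # (True, 'ok')
    print(verify_get(url, now=issued_at + 601))    # (False, 'URL expired')
    print(verify_get(url.replace("reports/q1.pdf", "reports/q2.pdf"),
                     now=issued_at))               # (False, 'bad signature')
```

Because Expires is part of the signed string, a holder of the URL cannot extend its lifetime, and because the key is signed, a URL for one object cannot be re-pointed at another; both edits show up as "bad signature" rather than as a different resource being served.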
10. Permission
• Permission is the concept of allowing or disallowing
some access to a particular resource. The form is –
– A is/isn’t allowed to do B to C where D applies
o A – User
o B – Action
o C – Resource
o D – Condition/Range
11. Statement and Policy
• A statement is the description of a single
permission, written in the Access Policy Language
(APL).
• A policy is a JSON document containing one or
more such statements.
12. Principal and Action
• The issuer is the person who writes a policy to grant a
permission on a particular resource (the resource
owner).
• The principal is the person or persons who receive the
permission in the policy.
• The action is the activity the principal has permission
to perform.
• The resource is the bucket or object the principal is
requesting access to.
13. Requestor and Evaluation
• The requestor is a person who sends a request to an
AWS service asking for access to a particular
resource.
• Evaluation is the process the AWS service uses to
determine whether an incoming request should be
allowed or denied, based on the applicable
policies.
14. Resource Behavior
• Effect is the result you want a policy statement to
return at evaluation time.
• Default Deny – the default result of a policy in the
absence of an allow or an explicit deny.
• Allow – Effect = Allow for a resource or a user when
an action is performed.
• Explicit Deny – Effect = Deny for a resource or a user
when an action is performed.
• An explicit deny always overrides an allow.
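To make slides 11 to 14 concrete, here is an added example, not code from the original deck or from AWS: a small policy evaluator that reads a JSON policy document made of statements (Effect, Principal, Action, Resource), matches an incoming request (requestor, action, resource) against each statement, and applies the three rules from slide 14: default deny, Allow grants, and an explicit Deny always overrides an Allow. The sample bucket policy, the account id 111122223333 and the bucket name are constructed placeholders. The evaluator is deliberately simplified: it has no Condition element, compares action names case-sensitively, and ignores the requestor's own IAM policies, which real S3 evaluation combines with the bucket policy.

```python
"""Toy evaluator for S3-style access policies (added example, not AWS code)."""
import fnmatch
import json

# Constructed sample bucket policy. The account id 111122223333 and the
# bucket name are placeholders, not real AWS resources.
SAMPLE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAliceRead",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    },
    {
      "Sid": "DenyPrivatePrefixToEveryone",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/private/*"
    }
  ]
}"""


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, requester_arn):
    """'*' means everyone; {"AWS": <arn or list of arns>} names IAM identities."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(arn in ("*", requester_arn)
                   for arn in _as_list(principal.get("AWS", [])))
    return False


def _wildcard_matches(patterns, value):
    """IAM-style '*' and '?' wildcards; '*' may span '/' inside an ARN."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policy, requester_arn, action, resource_arn):
    """Return 'Allow' or 'Deny' for one request.
    Rules from the slides: default deny; an Allow statement grants;
    an explicit Deny always overrides an Allow.
    Simplifications: no Condition element, case-sensitive action names,
    and the requester's own IAM identity policies are not considered."""
    allowed = False
    for stmt in policy["Statement"]:
        applies = (
            _principal_matches(stmt.get("Principal", {}), requester_arn)
            and _wildcard_matches(stmt["Action"], action)
            and _wildcard_matches(stmt["Resource"], resource_arn)
        )
        if not applies:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"           # explicit deny wins immediately
        allowed = True              # remember the Allow, keep scanning for a Deny
    return "Allow" if allowed else "Deny"   # default deny


def demo():
    """Evaluate four requests against the constructed sample policy."""
    policy = json.loads(SAMPLE_POLICY_JSON)
    alice = "arn:aws:iam::111122223333:user/alice"
    bob = "arn:aws:iam::111122223333:user/bob"
    public = "arn:aws:s3:::example-bucket/public/report.pdf"
    private = "arn:aws:s3:::example-bucket/private/keys.txt"
    return {
        "alice reads public": evaluate(policy, alice, "s3:GetObject", public),    # Allow
        "alice reads private": evaluate(policy, alice, "s3:GetObject", private),  # Deny (explicit)
        "alice writes public": evaluate(policy, alice, "s3:PutObject", public),   # Deny (default)
        "bob reads public": evaluate(policy, bob, "s3:GetObject", public),        # Deny (default)
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The "alice reads private" case is the one to note: Alice has an Allow that matches the object, yet the Deny on the private/ prefix wins, which is why a Deny statement is the reliable way to carve an exception out of a broad grant.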
15. Tools for S3
• S3 can be used through various tools and plugins.
Some of them are –
– Amazon Console: https://console.aws.amazon.com/s3/home
– An IDE plugin such as the AWS plugin for the Eclipse IDE:
http://aws.amazon.com/eclipse/
– S3 Organizer, a Firefox add-on:
https://addons.mozilla.org/en-US/firefox/addon/amazon-s3-organizers3fox/
– Cloudberry S3 Explorer:
http://www.cloudberrylab.com/free-amazon-s3-explorer-cloudfront-IAM.as