Five S3 functionalities that are only available through AWS CLI/SDK
During my learning, I discovered five S3 functionalities that are only available through the AWS CLI:
1. MFA Delete
When working with S3 Versioning in Amazon S3 buckets, you can optionally add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. When you do this, the bucket owner must include two forms of authentication in any request to delete a version or change the versioning state of the bucket.
MFA delete requires additional authentication for either of the following operations:
- Changing the versioning state of your bucket
- Permanently deleting an object version
MFA delete requires two forms of authentication together:
- Your security credentials
- The concatenation of a valid serial number, a space, and the six-digit code displayed on an approved authentication device
To enable MFA delete, follow the steps below.
Configure the AWS client
Create an AWS access key and then run aws configure to set up your credentials.
This is not a security best practice, but we will use it for the current exercise only.
Command to enable MFA delete
In the command below, 213849 is the authentication token, that is, the six-digit code displayed on the MFA device.
[ec2user@some-ip ~]$ aws s3api put-bucket-versioning --profile default --bucket testbucketmfa --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "arn:aws:iam::XXXXXXXXXXXX:mfa/account-mfa-device 213849"
Command to disable MFA delete
[ec2user@some-ip ~]$ aws s3api put-bucket-versioning --profile default --bucket testbucketmfa --versioning-configuration Status=Enabled,MFADelete=Disabled --mfa "arn:aws:iam::XXXXXXXXXXXX:mfa/account-mfa-device 987543"
2. Presigned URLs
All objects in S3 are private by default. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects.
The command below uses the AWS CLI. Presigned URLs can also be generated with the AWS SDK.
aws s3 presign s3://testbucket202119/smiley.jpg --region ap-southeast-2
The above command will generate a URL, for example:
https://testbucket202119.s3.amazonaws.com/smiley.jpg?AWSAccessKeyId=AKIAYYDMCK6YRXWASPX2&Expires=1639901714&Signature=VGcqq8ilnCtkd8OTFJP4aMidqI4%3D
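As an added example (not part of the original post), the Python below parses a presigned URL and reports which access key signed it and when it stops working, which is the check to run before sharing such a URL or when one turns up in logs. It handles the query format shown above (Signature Version 2) and, going beyond the page, the Signature Version 4 format; the function name and the SigV4 sample URL are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# URL copied from the page above (Signature Version 2 query format).
PAGE_URL = ("https://testbucket202119.s3.amazonaws.com/smiley.jpg"
            "?AWSAccessKeyId=AKIAYYDMCK6YRXWASPX2&Expires=1639901714"
            "&Signature=VGcqq8ilnCtkd8OTFJP4aMidqI4%3D")
# Constructed SigV4 sample: bucket, key id and signature are placeholders.
SIGV4_URL = ("https://example-bucket.s3.ap-southeast-2.amazonaws.com/report.pdf"
             "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAEXAMPLEKEYID0000"
             "%2F20240424%2Fap-southeast-2%2Fs3%2Faws4_request"
             "&X-Amz-Date=20240424T100000Z&X-Amz-Expires=3600"
             "&X-Amz-SignedHeaders=host&X-Amz-Signature=" + "0" * 64)


def inspect_presigned(url, now=None):
    """Return signer, scheme and expiry details for an S3 presigned URL."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "X-Amz-Signature" in q:
        scheme = "SigV4"
        # X-Amz-Credential is <access-key-id>/<date>/<region>/s3/aws4_request
        key_id = q["X-Amz-Credential"].split("/")[0]
        issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        # SigV4 carries a lifetime in seconds relative to the signing time.
        expires = (issued.replace(tzinfo=timezone.utc)
                   + timedelta(seconds=int(q["X-Amz-Expires"])))
    elif "Signature" in q:
        scheme = "SigV2"
        key_id = q["AWSAccessKeyId"]
        # SigV2 carries an absolute expiry as a Unix timestamp.
        expires = datetime.fromtimestamp(int(q["Expires"]), tz=timezone.utc)
    else:
        raise ValueError("no presigned-URL signature parameters found")
    remaining = (expires - now).total_seconds()
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "key": parts.path.lstrip("/"),
        "access_key_id": key_id,
        "expires_utc": expires.isoformat(),
        "expired": remaining <= 0,
        "seconds_left": max(0, int(remaining)),
    }


if __name__ == "__main__":
    for sample in (PAGE_URL, SIGV4_URL):
        print(inspect_presigned(sample))
```

Anyone who holds the URL can download the object until the reported expiry, so the remaining lifetime and the signing key are what to check when such a URL is found outside its intended audience.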
3. Upload files to S3 Glacier Vault
S3 Glacier Vault is a container for storing archives.
Command to create a vault
aws glacier create-vault --vault-name testvault --account-id [AccountId]
Command to upload an archive to a vault
aws glacier upload-archive --account-id [AccountId] --vault-name testvault --body HappyFace.jpg
4. S3 Multi Part Upload
Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data. You can upload these parts in any order.
In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.
We can use either the aws s3 commands or the aws s3api commands. You can find more information at "How do I use the AWS CLI to perform a multipart upload of a file to Amazon S3?"
5. S3 Access point through VPC
Amazon S3 Access Points, a feature of S3, simplify data access for any AWS service or customer application that stores data in S3. With S3 Access Points, customers can create unique access control policies for each access point to easily control access to shared datasets.
The S3 console doesn't support accessing bucket resources using a virtual private cloud (VPC) access point. To access bucket resources from a VPC access point, use the AWS CLI, AWS SDK, or Amazon S3 REST API.
Acknowledgements
Stephane Maarek's Ultimate AWS Certified SysOps Administrator Associate 2021 on Udemy
AWS Tutorial - S3 Glacier Series - Part 2 of 8 - Create Vault using CLI & Console by NamrataHShah
Please let me know your thoughts in the comments.
Original Link: https://dev.to/kasukur/five-s3-functionalities-that-are-only-available-through-aws-clisdk-4p4i