Ein paar Kniffe und Tricks für AWS S3
Dinge auf die man achten möchte:
- Lifecycle Rule
- Serverside Encryption (KMS vs AES)
- Versioning
- Public Access (Block)
- Access Logging
Alle bestehenden Objekte mit KMS Verschlüsseln
aws s3 cp --recursive --sse aws:kms \
--sse-kms-key-id arn:aws:kms:eu-central-1:... s3://<bucket>/ s3://<bucket>/
Download eines ganzen Ordners
aws s3 cp --recursive \
s3://<bucket>/AWSLogs/elasticloadbalancing/eu-central-1/2020/08/12/ logs/
Terraform
module "s3bucket-bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "1.6.0"
bucket = "bucket-${local.environment}-${local.region}"
acl = "private"
force_destroy = false
logging = {
target_bucket = local.log_bucket
target_prefix = "s3/bucket-${local.environment}-${local.region}"
}
block_public_acls = true
block_public_policy = true
lifecycle_rule = [
{
abort_incomplete_multipart_upload_days = 7
enabled = true
id = "moveToIntelligentTieringAfter7Days"
transition = [
{
days = 7
storage_class = "INTELLIGENT_TIERING"
}
]
},
{
abort_incomplete_multipart_upload_days = 0
enabled = true
id = "removePreviousVersionsAfter90Days "
noncurrent_version_expiration = {
days = 90
}
}
]
versioning = {
enabled = true
}
server_side_encryption_configuration = {
rule = {
apply_server_side_encryption_by_default = {
sse_algorithm = "AES256"
}
}
}
# Bucket Name
tags = merge(
local.common_tags,
{
"Name" = "bucket-${local.environment}-${local.region}"
},
)
}