noqqe » blog | sammelsurium | photos | projects | about

AWS S3

2020-09-24 @ AWS

Ein paar Kniffe und Tricks für AWS S3

Dinge auf die man achten möchte:

  • Lifecycle Rule
  • Serverside Encryption (KMS vs AES)
  • Versioning
  • Public Access (Block)
  • Access Logging

Alle Objekte eines Buckets in Glacier finden:

aws s3api list-objects \
  --bucket --query 'Contents[?StorageClass==`GLACIER`]'`

Alle bestehenden Objekte mit KMS Verschlüsseln

aws s3 cp --recursive --sse aws:kms \
  --sse-kms-key-id arn:aws:kms:eu-central-1:... s3://<bucket>/ s3://<bucket>/

Download eines ganzen Ordners

aws s3 cp --recursive \
  s3://<bucket>/AWSLogs/elasticloadbalancing/eu-central-1/2020/08/12/ logs/

Terraform


module "s3bucket-bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "1.6.0"

  bucket        = "bucket-${local.environment}-${local.region}"
  acl           = "private"
  force_destroy = false

  logging = {
    target_bucket = local.log_bucket
    target_prefix = "s3/bucket-${local.environment}-${local.region}
  }

  block_public_acls   = true
  block_public_policy = true

  lifecycle_rule = [
    {
      abort_incomplete_multipart_upload_days = 7
      enabled                                = true
      id                                     = "moveToIntelligentTieringAfter7Days"
      transition = [
        {
          days          = 7
          storage_class = "INTELLIGENT_TIERING"
        }
      ]
    },
    {
      abort_incomplete_multipart_upload_days = 0
      enabled                                = true
      id                                     = "removePreviousVersionsAfter90Days "
      noncurrent_version_expiration = {
        days = 90
      }
    }
  ]

  versioning = {
    enabled = true
  }

  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }

  # Bucket Name
  tags = merge(
    local.common_tags,
    {
      "Name" = "bucket-${local.environment}-${local.region}"
    },
  )
}