Day 3: AWS S3 Static Website Hosting with IAM and AWS CLI

Aishwarya Upare

Today we are exploring AWS services such as S3, IAM, and the AWS CLI.

Let's start with S3 (Simple Storage Service), where we will create our first S3 bucket and configure it. First, go to Amazon S3 and select Create bucket.

Then select the region where you want to create the bucket and give the bucket a name. Remember that every bucket you make must have a unique name; a bucket name can never be repeated.

There are two types of bucket, general purpose and directory; here we select General purpose. Object ownership means who can see your files in the bucket. An object is a file in the bucket. Here we select ACLs (access control lists) disabled because that is what AWS recommends.

There are two types of access in S3: public access and private access. We are exploring, so we use public access for study purposes. We are making a new bucket, so there are no past versions of it, and we select Disable here.

There are tags as well. You can add a tag if you want; otherwise it is fine to skip it, since tags are just for costing purposes. In the encryption section, select server-side encryption with Amazon S3 managed keys (SSE-S3), select Enable for Bucket Key, and finally click Create bucket. Your bucket is ready.

Now your bucket is empty, so we have to add files or folders to it.

Go to the Upload option and add files, or drag and drop files and folders, then upload.

Click on the file and then click Open.

As you can see from the URL, the file is stored in the S3 bucket, and the URL also mentions the region. Our basic part is done here.

If you want to delete a file in the bucket, you can delete it. If you want to delete the bucket, you first have to delete the objects in it (the files in the bucket); only then can you delete the bucket.

Here you can see the object deleted.

Here you can see bucket deleted.

Now we will set up static website hosting using S3, the AWS CLI, and IAM, so let's dive in.

Let's create a new bucket with a name of your choice; I named mine “aws-static-website11”. The procedure is the same as for the first bucket. Now go to the bucket's Properties and scroll down to the end, where you will find the Static website hosting option; click Edit. You will get multiple options. The index document is index.html, the home page of the static website.

Our home page is index.html, and for errors on the website such as 404 page not found we make an error.html file, so we have to add both files to the bucket we created. If we search for home on the page, it redirects to the index.html page. For that we need a redirection rule, so we have to create one.

Now our static website URL is ready.

When we go to the URL, we get an error like this:

The URL shows this because we have not given permission to access these files. So go to Permissions and add a bucket policy. The bucket policy is in JSON format.

There are two options: policy examples and the policy generator. Here we use the policy generator. In the first step, select S3 Bucket Policy.

Now add the statement, generate the policy, copy it, and paste it into the bucket policy.
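The policy generator produces a JSON document like the one built below. This is an added example, not code from the original post: `public_read_policy` builds the minimal public-read statement for the bucket name used here, and `audit_policy` (a hypothetical helper) reports anything a public statement grants beyond reading objects. The over-broad policy is constructed for comparison.

```python
import json

def public_read_policy(bucket):
    """Anonymous read of objects only: the usual static-website statement."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_policy(policy, bucket):
    """Findings where a public Allow exceeds s3:GetObject on objects (Conditions ignored)."""
    object_arn = f"arn:aws:s3:::{bucket}/*"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"{sid}: public principal allowed {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != object_arn:
                findings.append(f"{sid}: public access to {resource}")
    return findings

# Constructed over-broad policy, for comparison with the minimal one.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenEverything", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::aws-static-website11",
                 "arn:aws:s3:::aws-static-website11/*"]}]}

if __name__ == "__main__":
    print(json.dumps(public_read_policy("aws-static-website11"), indent=2))
    print(audit_policy(BROAD_POLICY, "aws-static-website11"))
```

The minimal policy yields no findings; the constructed one is flagged for the wildcard action and for exposing the bucket ARN itself.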

After this, check whether our site is working.

Then we have to add the index.html and error.html files as objects in our bucket.

Then go to your website URL; it is working now.

When the 404 error page is shown, click Back to home page and you will go back to the home page. And it's done.

One part is done; next, let's dive into another AWS service: IAM (Identity and Access Management).

In AWS, IAM (Identity and Access Management) is a global service that allows you to securely control access to AWS resources. IAM lets you manage users, groups, roles, and policies to grant or restrict permissions.

| Component | Description |
| --- | --- |
| Users | Individual identities with long-term credentials to interact with AWS services (e.g., developer, admin). |
| Groups | Collection of users with shared permissions (e.g., Admins, Developers). |
| Roles | Temporary access with specific permissions, assumed by users, applications, or services. Useful for EC2, Lambda, etc. |
| Policies | JSON documents that define permissions. Attached to users, groups, or roles. |
| Identity Providers (IdP) | Integrate with external identity systems (e.g., SAML, OIDC) for single sign-on (SSO). |
| Access Keys | Used for programmatic access via CLI or SDK. Should be rotated regularly. |
| MFA (Multi-Factor Authentication) | Extra layer of security using authentication apps or hardware tokens. |
| Service Control Policies (SCP) | Used in AWS Organizations to manage permissions across accounts. |
| Permission Boundaries | Set the maximum permissions a user or role can have. |

Let's start. When the root user creates another identity with least-privilege permissions for the AWS console, it is called a user. Now go to Users, Create user, give a name, and select the options as shown in the screenshot.

Click Next. Then we have to attach a policy here.

Here our user is created with the policy attached. A policy grants permission to use services in AWS. Now that the user is created, you can download the CSV file or send an email to the user. This service is also provided by AWS. You can see the downloaded CSV file at the top right.

Now you can open the sign-in URL in a different browser and change the password for that user.

Enter the old password, which is the default one, then enter the new password and confirm it. Your password has been changed.

Here you can see the Aish user's console with least privilege (limited permission to use other AWS services).

Next, identity providers. In AWS, identity providers (IdPs) are external systems that manage user identities and authentication, allowing users to access AWS resources without needing separate AWS accounts or credentials.

So you can also add third-party services such as GitHub.

Next, let's look at roles in IAM.

Click on Create role.

Here select AWS service, and for the use case select EC2, then click Next. Here I am giving RDS full access, which means that when I give this role to any EC2 instance, it can access RDS in a simple way.

Now let's look at more security practices, because security is a major priority.

Now I go to the IAM service, then the user Aish, then Security credentials.

Then your MFA is set up. If someone steals the password, the account can only be opened with the MFA key. This is the best way to secure the account.

We already know how to create EC2 instances and connect to them through SSH; if you want to know how, go to my previous post, where I explained it. Now let's install the AWS CLI on our system.

The AWS CLI is a command-line tool that allows us to connect to different AWS services and manage them.

Connect to the instance through SSH.

Here we are using an Ubuntu server.

Here we set up the AWS CLI, and from it we manage our services.

Now we have to create a secret access key, so go to IAM, Users, Access keys, Create access key.

Select AWS CLI so that we can manage our services.

Click Next and our access key is created. You can download the CSV file, as you can see in the screenshot.
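The MFA step and the access key created above can be checked for every user at once with the IAM credential report, a CSV that AWS generates per account. This is an added example, not from the original post: it reads a constructed sample with a subset of that report's columns, and the 90-day threshold and the user names other than Aish are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report's columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
Aish,true,false,true,2025-01-01T00:00:00+00:00,false,N/A
ci-deployer,false,false,true,2025-03-20T00:00:00+00:00,false,N/A
admin-example,true,true,false,N/A,false,N/A
"""

def review_credentials(report_csv, now, max_key_age_days=90):
    """Return (user, finding) pairs: console users without MFA, stale active keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # A console password with no second factor is the case MFA addresses.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active") != "true":
                continue
            rotated = row.get(f"access_key_{n}_last_rotated") or "N/A"
            try:
                age = (now - datetime.fromisoformat(rotated)).days
            except (ValueError, TypeError):  # "N/A" or an unusable timestamp
                findings.append((user, f"access key {n}: rotation date unknown"))
                continue
            if age > max_key_age_days:
                findings.append((user, f"access key {n} is {age} days old"))
    return findings

if __name__ == "__main__":
    as_of = datetime(2025, 4, 10, tzinfo=timezone.utc)  # fixed date for the sample
    for user, finding in review_credentials(SAMPLE_REPORT, as_of):
        print(f"{user}: {finding}")
```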

After configuration, we can see the bucket objects. Here we download the index file to our local machine.

Here we change the title of our page, as you can see.

Here you can see how we manage S3 bucket objects through the CLI; we can download and upload files very easily.

Here our use case is copying data from EC2 to the S3 bucket using the AWS CLI.
