🌩️ Day 24 of 30 Days DevOps Interview Preparation Challenge

Series: 30 Days DevOps Interview Preparation
Author: Tathagat Gaikwad

Topic: Add S3 + IAM Role via Terraform


📖 Introduction

Welcome to Day 24 of the 30 Days DevOps Interview Challenge!
Today, we are focusing on provisioning AWS S3 Buckets and IAM Roles with Terraform.

Why is this important?

  • S3 is the backbone of many AWS services (storage, logs, static sites, backups).

  • IAM Roles + Policies are critical for secure access management.

  • As a DevOps engineer, you must automate provisioning using Terraform instead of manual console work.

In this blog, we will:
✅ Learn theory of S3 & IAM
✅ Understand interview Q&A
✅ Write Terraform code inside VS Code
✅ Apply security best practices


🔎 Theory

📌 What is AWS S3?

  • Object storage service.

  • Stores files, logs, backups, static websites.

  • Data is stored in Buckets.

  • Security: encryption, versioning, access policies.

📌 What is an IAM Role?

  • An identity with permissions, but without permanent credentials.

  • AWS services (like EC2, Lambda) assume roles to access other services securely.

  • Roles are preferred over IAM users (no hardcoded keys, temporary tokens).

📌 IAM Policy

  • A JSON document defining permissions (Allow or Deny).

  • Example: An EC2 Role with S3 read-only permissions.

📌 Why Terraform for S3 + IAM?

  • Infrastructure as Code (IaC).

  • Version control + consistency.

  • Easier rollback + security enforcement.


💡 Interview Q&A

Q1. Why prefer IAM Role over Access Keys?
👉 Roles provide temporary credentials that AWS rotates automatically, so there are no long-lived keys to leak.

Q2. How to secure S3 buckets?
👉 Disable public access, enable encryption (AES-256 or KMS), enable versioning, and apply least privilege IAM policies.

Q3. What happens if you attach AdministratorAccess to an IAM Role?
👉 It grants full AWS account permissions – which is against least privilege. Instead, create fine-grained policies.

Q4. How does Terraform manage IAM changes?
👉 Terraform state tracks the resources it created. If a policy definition changes, Terraform updates the IAM role and policy on the next apply.


πŸ› οΈ Practical: Provision S3 + IAM Role with Terraform (using VS Code)

✅ Prerequisites

  • AWS Account

  • IAM User with programmatic access

  • Terraform installed (Guide for Windows/Linux)

  • VS Code editor with Terraform extension


Step 1: Open VS Code

Create a new project folder:

mkdir terraform-day24-s3-iam
cd terraform-day24-s3-iam

Step 2: Provider Configuration

Create main.tf in VS Code:

provider "aws" {
  region = "us-east-1"
}

Step 3: Create S3 Bucket

resource "aws_s3_bucket" "devops_bucket" {
  bucket = "devops-challenge-day24-bucket"

  tags = {
    Name = "DevOps-Day24"
  }
}

Step 4: IAM Role + Policy

# IAM Role
resource "aws_iam_role" "ec2_role" {
  name = "ec2-s3-access-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action = "sts:AssumeRole"
    }]
  })
}

# IAM Policy for S3 Read-Only
resource "aws_iam_policy" "s3_read_only" {
  name        = "S3ReadOnlyPolicy"
  description = "Allow read access to S3 bucket"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action   = ["s3:GetObject"]
      Effect   = "Allow"
      Resource = "${aws_s3_bucket.devops_bucket.arn}/*"
    }]
  })
}

# Attach Policy to Role
resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.ec2_role.name
  policy_arn = aws_iam_policy.s3_read_only.arn
}

Step 5: Initialize + Apply

Run in terminal:

terraform init
terraform plan
terraform apply -auto-approve

Step 6: Verify

  • Go to AWS Console > S3 → check that the bucket was created.

  • Go to IAM > Roles → check that the role exists with the policy attached.


πŸ” Security Best Practices

✔ Enable S3 bucket encryption (AES-256 or KMS).
✔ Avoid public bucket access unless explicitly required.
✔ Use IAM Roles instead of hardcoding credentials.
✔ Follow the least privilege principle when writing policies.
✔ Always version-control Terraform code in GitHub.
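As an added example (not part of the original post), here is the Step 3 bucket with the controls above applied in Terraform. It assumes AWS provider v4 or later, where encryption and versioning are separate resources, and that the Step 4 attachment would point at the hardened policy instead; all resource names are assumptions.

```hcl
# Added example, not from the original post: hardening the Step 3 bucket.
# Block every form of public access on the bucket.
resource "aws_s3_bucket_public_access_block" "devops_bucket" {
  bucket                  = aws_s3_bucket.devops_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default server-side encryption (AES-256 / SSE-S3); use "aws:kms" with
# kms_master_key_id for a customer-managed KMS key instead.
resource "aws_s3_bucket_server_side_encryption_configuration" "devops_bucket" {
  bucket = aws_s3_bucket.devops_bucket.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Versioning, so overwritten or deleted objects can be recovered.
resource "aws_s3_bucket_versioning" "devops_bucket" {
  bucket = aws_s3_bucket.devops_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Least-privilege read-only policy: ListBucket is valid only on the bucket
# ARN, GetObject only on objects under it; nothing else is granted.
resource "aws_iam_policy" "s3_read_only_hardened" {
  name = "S3ReadOnlyHardenedPolicy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = aws_s3_bucket.devops_bucket.arn
      },
      {
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:GetObjectVersion"]
        Resource = "${aws_s3_bucket.devops_bucket.arn}/*"
      }
    ]
  })
}
```

Run terraform plan after adding these; the plan should show only the three bucket configuration resources and the new policy, with no change to the bucket itself.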


📌 Key Takeaways

  • Terraform makes S3 + IAM provisioning automated & consistent.

  • Use IAM Roles over Users for security.

  • Policies should always be least privilege.

  • DevOps Interview Tip: Be ready to write or explain Terraform IAM/S3 code.


👉 What’s your approach to securing S3 + IAM policies in production – manual audit, Terraform, or AWS Config? Drop your thoughts!

#DevOps #AWS #Terraform #S3 #IAM #Cloud #InterviewPreparation #30DaysOfDevOps
