Amazon S3 (Simple Storage Service) is a cornerstone of cloud storage, offering scalable, secure, and durable object storage. This guide walks you through creating your first bucket and applying essential security measures.
Step 1: Create an S3 Bucket
- Sign in to the AWS Management Console and open the S3 service.
- Click Create bucket.
- Enter a globally unique bucket name (e.g.,
my-first-bucket-2026). - Choose a region closest to your users for lower latency.
- Leave default settings for Object Ownership and Block Public Access (recommended for security).
- Click Create bucket.
Step 2: Configure Security Settings
- Block Public Access: By default, all public access is blocked. If you need public access (e.g., for a static website), adjust these settings cautiously.
- Bucket Policy: Use a JSON policy to grant cross-account access or specific permissions. Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-first-bucket-2026/*"
}
]
}
Warning: Public buckets can lead to data exposure. Always validate policies with the IAM Access Analyzer.
Step 3: Upload Objects
- Open your bucket and click Upload.
- Add files or folders, then set permissions (private by default).
- Click Upload to finish.
Step 4: Enable Versioning (Optional but Recommended)
- Go to the bucket's Properties tab.
- Under Versioning, click Enable.
- This protects against accidental deletions and allows recovery of previous versions.
Best Practices
- Enable encryption at rest using SSE-S3 or SSE-KMS.
- Use IAM roles for applications instead of long-term keys.
- Monitor access with AWS CloudTrail and S3 Server Access Logs.
- Set lifecycle policies to transition infrequently accessed data to colder storage tiers (e.g., S3 Glacier).
By following these steps, you can securely store and manage data in S3, whether for backups, static website hosting, or application storage.