Exercise 1: Exploring Amazon S3

Natasha Ong
This is some text inside of a div block.
4 min read

Exercise Overview:

In this exercise, you'll:

  • Create an Amazon Simple Storage Service (Amazon S3) bucket configured to block off all public access.
  • Upload an object (image, document, video, etc.).
  • Try to access the object. You'll see that you have access denied! 🚷
  • Make the object public. Now you can finally access it.


By the end of this exercise, you should be able to do the following:

  • Upload an object to an S3 bucket.
  • Make the object public, and access it.

Task 0: Accessing the AWS Management Console

  1. Sign in to your IAM user and open the AWS Management Console.

Task 1: Create an S3 bucket

Let's start by creating our very first S3 bucket. 🪣

  1. Go to the Amazon S3 console.
  2. You can find it by clicking Services at the top-left, navigating to the Storage category, and selecting S3.
  3. Alternatively, you can search for S3 using the search box.
  4. Once you're in the S3 console, click Create bucket at the top-right.
  5. On the Create bucket page, under General configuration:
  6. Choose a unique Bucket name. Keep in mind that bucket names must be unique across all AWS accounts and regions, so simple names are often already taken. For example, you can use a unique name like myfirstbucket82464329083.

7. Under Object Ownership, select the radio button ACLs enabled.

You'll learn more about ACLs (Access Control Lists) later in the course, but here's a teaser:
An ACL = a set of rules that decides who can do what.
Enabling ACLs in this S3 setup (what we just did) lets you control who can access and do things with specific files in your bucket.
With ACLs, different AWS accounts can own and control different files in the same bucket. This can make managing who can do what a bit tricky.

The warning you see suggests that it's usually better to use something called "bucket policies" to keep things simpler. Bucket policies let you manage all the permissions for the whole bucket in one place. In this exercise, we're enabling ACLs to show you how they work.

8. Check the box for Block all public access.

9. Choose Create bucket.

On the next task, you will upload an S3 object to your S3 bucket

Task 2: Upload an object to the S3 bucket

  1. Click on the name of the S3 bucket you created in Task 1.
  2. Click Upload.
  3. Click Add files and select any file you want to upload, like an image (e.g., .jpg or .png). Click Upload.
  4. You'll see the file being uploaded, ooo something exciting's brewing! When it's done, click Close.
  5. Select the file you've just uploaded by checking the box next to its name. Then, choose Copy URL to get the Object URL.
  6. Open a new browser tab, paste the Object URL, and hit Enter. You'll likely see an Access Denied message!
No worries, this is what we expected to happen - because we set up ACLs and blocked public access in Task 1. Have a look at step 3b of Task 1 to see how you  enabled ACLs, and step 3c to see how you enabled Block all public access.

Task 3: Make the object public

In this task, let's fix the issue. We do this by making the S3 object public!

  1. Choose the Permissions tab.
  2. Under Block public access (bucket settings), click Edit.
  3. Uncheck the Block all public access box.
  4. Click Save changes.
  5. In the pop up, type 'confirm'.
  6. Click Confirm.

After you disable the block on public access, let's also disable ACLs (so that we aren't blocking public access to your object).

7. Go to the Objects tab, check the box next to your object, click Actions, and choose Make public using ACL.

8. Click Make public and close the status page.

9. Refresh the browser tab where you pasted the Object URL.

You should now be able to view the object because it's made public. Ayyy, nice work!

Task 4: Deleting the resources

In this task, you will delete the S3 object and bucket so we're not racking up any charges in our account.

  1. To delete an S3 object, select it and choose Delete. Type permanently delete to confirm, and then click Delete objects.
  2. Now, head back to the Buckets page (it's on the left hand pane), click on the circle next to the one you created, and choose Delete. Type the bucket name to confirm the deletion, and then click Delete bucket.

Nice work, you've completed this hands-on exercise! You have successfully:

  • Created an S3 bucket.
  • Uploaded an object to a S3 bucket.
  • Made the object public and accessed it.