Advanced S3 Security Configuration

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

In this lab, we will configure permissions for a provided S3 bucket to provide appropriate access to a team of users, as well as a public prefix within the S3 bucket.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Investigate the Lab Environment

Log in to the AWS web console and take a look around. You should find:

  • An EC2 bastion host with pre-configured AWS CLI profiles for: brock, john, and lizzie.
  • Matching IAM users with no permissions.
  • An S3 bucket with the prefix structure in the lab description, and text files in each prefix.
Provide Appropriate Public Access

Provide appropriate access for all objects in the /public prefix in the provided S3 bucket.

Provide Appropriate Team and User Access

Provide appropriate access for all objects in the /team prefix in the provided S3 bucket, as well as appropriate access to each user’s prefix.

Test Permissions

Using your web browser and the provided EC2 instance, test all requested access patterns to ensure all users are able to perform the actions they should be able to, and are unable to perform any outside of the requested parameters.

Additional Resources

You've been asked by a team of developers to secure the S3 bucket which will store the data from an upcoming project. The team-data... bucket has been provided in the account and has the following prefix structure:


When you have completed your bucket security configuration, the following access patterns should function.

  • Anyone should be able to read from the /public prefix if they have the full URL of the object they are attempting to access.
  • All team members (Brock, John, and Lizzie) should be able to list the contents of and read and write to the /team prefix.
  • Each user should be able to list the contents of and perform read and write operations to the prefix that matches their username.

The provided environment includes an EC2 instance containing AWS CLI profiles with credentials for each user.

Lab Resources

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?