In this hands-on lab, you are a software engineer working for a new startup that is launching an online bookstore for rare and antique books. The founder, Kia, needs your help with protecting her data. Since her technical lead is out sick, she’s calling on you for assistance. To protect the book data stored in S3, you will use a resource-based policy in AWS Identity & Access Management (IAM) to prevent an Amazon S3 bucket from being deleted.
Successfully complete this lab by achieving the following learning objectives:
- Use the AWS Policy Generator to Generate a Resource Policy
  - Navigate to AWS Policy Generator.
  - Set the following values:
    - Type of Policy: S3 Bucket Policy
    - Effect: Deny
    - Principal: *
    - Actions: DeleteBucket
    - ARN: *
  - Click Add Statement.
  - Click Generate Policy.
  - Copy the policy to the clipboard.
- Attach a Resource Policy to an S3 Bucket
  - Log in to the AWS Management Console.
  - Navigate to S3.
  - Create a new bucket, and add the policy generated earlier to the Permissions tab.
  - Copy the bucket ARN number.
  - In the bucket policy, update the "*" with the copied bucket ARN number.
  - Click Save changes.
- Test the Resource Policy
  - Navigate back to S3.
  - Select the created S3 bucket from the list and click Delete.
  - Enter the bucket name and click Delete bucket. Was the bucket deleted?
  - Select the lab-provided S3 bucket from the list and click Delete.
  - Enter the bucket name and click Delete bucket. Was the lab-provided bucket deleted?
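The policy these steps produce, and which requests its statement matches, as an added example that is not part of the original lab. The bucket ARNs and the `Sid` are constructed placeholders, and `explicit_deny` is a hypothetical, simplified matcher (Effect, Action and Resource only), not AWS's evaluation engine.

```python
import fnmatch
import json

# Constructed placeholder ARNs; use the ARN copied from your own bucket.
PROTECTED_ARN = "arn:aws:s3:::example-rare-books-bucket"
OTHER_ARN = "arn:aws:s3:::example-lab-provided-bucket"


def build_deny_delete_policy(bucket_arn):
    """Policy shape from the steps above, with "*" replaced by the bucket ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDeleteBucket",  # constructed; the generator assigns its own
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteBucket",
            "Resource": bucket_arn,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def explicit_deny(policy, action, resource_arn):
    """Simplified: True if a Deny statement for Principal "*" matches the request.

    Only Effect, Action and Resource wildcards are modelled, not conditions.
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") != "*":
            continue
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource_arn, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            return True
    return False


if __name__ == "__main__":
    policy = build_deny_delete_policy(PROTECTED_ARN)
    print(json.dumps(policy, indent=2))
    for arn in (PROTECTED_ARN, OTHER_ARN):
        print(arn, "-> DeleteBucket explicitly denied:",
              explicit_deny(policy, "s3:DeleteBucket", arn))
```

Because an explicit Deny overrides any Allow, the statement applies even to principals whose IAM policies grant `s3:DeleteBucket`.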