In this hands-on lab, we implement S3 bucket policies and IAM policies to learn about the various ways to secure our S3 buckets and the data within them. We also examine which services we can leverage to audit and remediate security issues.
Here is the [GitHub link](https://raw.githubusercontent.com/linuxacademy/content-how-to-properly-secure-an-s3-bucket/master/lab-securing-s3-a-to-z/S3BucketPolicy.json) to copy the S3 bucket policy mentioned in this lab.
Successfully complete this lab by achieving the following learning objectives:
- Update the IAM Policy
Update the IAM policy to include our
partyparrots-<STRING>bucket name and the public IP address provided for the lab.
- Configure CloudTrail and CloudWatch for SNS Event Notifications
Create a CloudTrail trail to log
writeevents, configure SNS notifications and subscribe to receive email alerts, and set a CloudWatch rule to trigger email alerts on deletion events.
- Attach the IAM and S3 Bucket Policies
Attach the IAM policy to our Architects and Developers groups and create user folders for
john. Then, add an S3 bucket policy from the provided GitHub repository.
- Test and Verify the IAM and S3 Bucket Policies
Verify the IAM and S3 policy permissions are configured correctly, update the IAM policy to include the
DeleteObjectpermission, and test server-side encryption.
- Enable Block Public Access in the S3 Bucket
Update the Block Public Access settings for the S3 bucket.