S3 Bucket Management with Versioning, Encryption, and Lifecycle Policies

Objective

This project aims to automate the creation, management, and deletion of Amazon S3 buckets while implementing essential features such as versioning, encryption, and lifecycle policies using Terraform and AWS CLI.

Prerequisites

Project Implementation Steps

1. Setup AWS CLI and Configure IAM Permissions

  1. Install AWS CLI if not installed:

    sudo apt install awscli -y  # For Ubuntu
    brew install awscli         # For Mac

  2. Configure AWS CLI with IAM credentials:

    aws configure

    Provide:

2. Define S3 Bucket Configuration using Terraform

We will use Terraform to:

Create a Terraform Project Directory

mkdir s3-management-project && cd s3-management-project
touch main.tf variables.tf outputs.tf

Define variables.tf

variable "bucket_name" {
  description = "The name of the S3 bucket"
  type        = string
}

variable "region" {
  description = "AWS region"
  type        = string
  default     = "us-east-1"
}

Define main.tf

provider "aws" {
  region = var.region
}

resource "aws_s3_bucket" "s3_bucket" {
  bucket = var.bucket_name
}

resource "aws_s3_bucket_versioning" "versioning" {
  bucket = aws_s3_bucket.s3_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
  bucket = aws_s3_bucket.s3_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

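resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
  # Noncurrent-version rules only take effect once versioning is enabled.
  depends_on = [aws_s3_bucket_versioning.versioning]

  bucket = aws_s3_bucket.s3_bucket.id

  rule {
    id     = "delete-old-versions"
    status = "Enabled"

    # An empty filter applies the rule to every object in the bucket.
    filter {}

    # Permanently remove versions 30 days after they stop being current.
    noncurrent_version_expiration {
      noncurrent_days = 30
    }
  }
}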

output "bucket_name" {
  value = aws_s3_bucket.s3_bucket.id
}

3. Deploy the S3 Bucket using Terraform

  1. Initialize Terraform

    terraform init

  2. Validate the configuration

    terraform validate

  3. Apply the changes to create the bucket

    terraform apply -auto-approve

  4. Verify bucket creation using AWS CLI

    aws s3 ls

4. Upload and Manage Objects in S3

Upload a File

aws s3 cp test-file.txt s3://your-bucket-name/

Check Bucket Versioning

aws s3api list-object-versions --bucket your-bucket-name

5. Enable Bucket Policy for Security

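A bucket policy can restrict access to specific IAM users or allow public access for static websites. The policy below enforces encryption in transit: it denies every S3 action on the bucket and its objects when the request is not sent over HTTPS (aws:SecureTransport is false). Create a policy.json file: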

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

Apply the policy

aws s3api put-bucket-policy --bucket your-bucket-name --policy file://policy.json
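
A check that can be run on policy.json before it is applied, added here as an example and not part of the original project: it reports which of the bucket and object ARNs no deny-without-TLS statement covers. The function names and the two constructed policy variants are assumptions of this example; it matches exact ARNs only and ignores NotPrincipal, NotAction and NotResource.

```python
import json

# The policy from step 5, plus a constructed variant that omits the bucket ARN.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Deny", "Principal": "*", "Action": "s3:*",
  "Resource": ["arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"],
  "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}"""
OBJECTS_ONLY = PAGE_POLICY.replace('"arn:aws:s3:::your-bucket-name", ', "")
# Constructed: an Allow-when-TLS statement, which does not block plain HTTP
# requests that some other statement or identity policy allows.
ALLOW_ONLY = PAGE_POLICY.replace('"Deny"', '"Allow"').replace('"false"', '"true"')


def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _denies_plain_http(stmt):
    """True for a Deny on all principals and all S3 actions when TLS is absent."""
    if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    if not {"*", "s3:*"} & set(_as_list(stmt.get("Action", []))):
        return False
    for key, value in stmt.get("Condition", {}).get("Bool", {}).items():
        # Condition keys are case-insensitive; the value may be "false" or false.
        if key.lower() == "aws:securetransport":
            return all(str(v).lower() == "false" for v in _as_list(value))
    return False


def tls_gaps(policy_text, bucket):
    """Return the ARNs (bucket, bucket/*) not covered by a deny-without-TLS statement."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    covered = set()
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        if _denies_plain_http(stmt):
            covered |= set(_as_list(stmt.get("Resource", [])))
    return sorted(needed - covered)


if __name__ == "__main__":
    for name, text in [("page", PAGE_POLICY), ("objects-only", OBJECTS_ONLY), ("allow-only", ALLOW_ONLY)]:
        print(name, tls_gaps(text, "your-bucket-name") or "TLS enforced")
```

An empty list means both ARNs are covered; any ARN returned is a resource that still accepts plain HTTP requests.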

6. Test Lifecycle Policy

aws s3 rm s3://your-bucket-name/test-file.txt
aws s3api list-object-versions --bucket your-bucket-name

7. Delete S3 Bucket

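To clean up, run terraform destroy. Because versioning is enabled, the destroy fails with a BucketNotEmpty error while any object versions or delete markers remain, unless force_destroy = true is set on the aws_s3_bucket resource: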

terraform destroy -auto-approve

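Alternatively, using AWS CLI (--force deletes current objects only, so on this versioned bucket the remaining versions and delete markers must be removed first):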

aws s3 rb s3://your-bucket-name --force

Conclusion

This project covered:

This approach ensures automated, secure, and compliant S3 bucket management. 🚀