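These are notes on what I learned at the AWS YouthTech Bootcamp held at my school.

Everything below was done in Amazon Educate.

Storage

Amazon S3

In this lab, you use some of the Amazon Simple Storage Service (Amazon S3) features that you just learned about to create a static website.

A static website can contain HTML pages, images, style sheets, and all the files needed to render the website.

Static websites do not use server-side scripting or a database. However, they might contain client-side scripts that run in the user's web browser.

You can host a static website on Amazon S3 by uploading the content and making it available for users to read.

No servers are needed, and you can use Amazon S3 to store and retrieve any amount of data at any time from anywhere on the web.

Objectives:

  • Create a bucket in Amazon S3.
  • Configure the bucket to host a static website.
  • Upload content to the bucket.
  • Turn on public access to the bucket objects.
  • Securely share a bucket object by using a presigned URL.
  • Secure the bucket by using a bucket policy.
  • Update the website.
  • View object versions in the Amazon S3 console.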

Creating a bucket in Amazon S3

  1. In the AWS Management Console, on the Services menu, choose S3.

  2. Choose Create bucket.

    An S3 bucket name is globally unique, and all AWS accounts share the namespace. After you create a bucket, no other AWS accounts in any AWS Regions can use the name of that bucket unless you delete the bucket.

    For this lab, you use a bucket name that includes a random number, such as website-123.

  3. For Bucket name, enter website-<123> and replace <123> with a random number.

  4. Public access to buckets is blocked by default. Because the files in your static website will need to be accessible through the internet, you must permit public access.

  5. For Object Ownership, choose ACLs enabled.

  6. Choose Bucket owner preferred.

  7. For Block Public Access settings for this bucket, clear the check box for Block all public access, and then select the box that states I acknowledge that the current settings might result in this bucket and the objects within becoming public.

  8. For Bucket Versioning, choose Enable.

    Note: Once you turn on (enable) bucket versioning, you can't turn it off.

  9. For Tags, choose Add tag, and enter the following:

    • Key: Department
    • Value: Marketing

    You can use tags to add additional information to a bucket, such as a project code, cost center, or owner.

  10. Choose Create bucket.

  11. In the Buckets section, choose the name of your new bucket.

  12. Choose the Properties tab.

Configuring a static website on Amazon S3

  1. Scroll to the Static website hosting panel.

  2. Choose Edit.

  3. Configure the following settings:

    • Static web hosting: Choose Enable.
    • Hosting type: Choose Host a static website.
    • Index document: Enter index.HTML
    • Error document: Enter error.HTML

    Note: You must enter index.HTML and error.HTML even though they are already displayed.

  4. Choose Save changes.

  5. In the Static website hosting panel under Bucket website endpoint, choose the link.

    You receive a 403 Forbidden message because you have not yet configured the bucket permissions. Keep this tab open in your web browser so that you can return to it later.

    You have configured your bucket to host a static website.

Uploading content to your bucket

  1. Choose (right-click) each of the following links, and download the files to your computer:
    Ensure that each file keeps the same file name, including the extension.

    • index.HTML
    • script.JS
    • style.CSS
  2. Return to the Amazon S3 console, and choose the Objects tab.

  3. Choose Upload

  4. Choose Add files

  5. Choose the three files that you downloaded.

  6. Choose Upload

  7. Your files are uploaded to the bucket.

  8. Choose Close

Turning on public access to the objects

Objects that are stored in Amazon S3 are private by default. This setting helps keep your organization's data secure.

In this task, you make the uploaded objects publicly accessible so users can view your website.

  1. First, confirm that the objects are currently private.

  2. Return to the browser tab that showed the 403 Forbidden message.

  3. Refresh the webpage.
    If you accidentally closed this tab, go to the Properties tab, and in the Static website hosting panel, choose the Bucket website endpoint link again.

You should still see a 403 Forbidden message. This response is expected! This message indicates that your static website is being hosted by Amazon S3 but that the content is private.

You can make Amazon S3 objects public in two different ways:

  • To make either a whole bucket public or a specific directory in a bucket public, use a bucket policy.
  • To make individual objects in a bucket public, use an access control list (ACL).

It is normally safer to make individual objects public because doing so avoids accidentally making other objects public. However, if you know that the entire bucket contains no sensitive information, you can use a bucket policy.

You now configure the individual objects to be publicly accessible.

Keep the website tab open, and return to the web browser tab with the Amazon S3 console.
Choose all three objects.
In the Actions menu, choose Make public using ACL.
A list of the three objects is displayed.

Choose Make public
Your static website is now publicly accessible.

Choose Close
Return to the web browser tab that has the 403 Forbidden message.
Refresh the webpage.
You should now see the static website that is being hosted by Amazon S3.

Now you know how to share objects with everyone by making them public. However, there may be times when you need to share an individual object for a limited amount of time. In the next task, you learn how to temporarily share an object.

Securely sharing an object using a presigned URL

When you need to temporarily and securely share an object with a person or group of people, you can create a presigned URL. When you create the URL, you must configure how long the URL will be valid. Then, you can share this URL with the users who should have access to the object.

As long as the presigned URL is valid, anyone who has it can get to the object. Avoid keeping the URL active longer than necessary, and only share the URL with people you trust.

Choose (right-click) the following link, and download the file to your computer:
Ensure that the file keeps the same file name, including the extension.
new-report.png
Return to the Amazon S3 console, and choose the Objects tab.
Choose Upload
Choose Add files
Choose the file that you downloaded.
Choose Upload
You have uploaded your file to the bucket.

Choose Close

Like when you first uploaded the website files, the new-report.png file is private by default. This time, instead of making the object public, you create a presigned URL to access the file.

In the Objects tab, choose new-report.png.

From the Actions menu, select Share with a presigned URL

In the pop-up window, configure the Time interval until the presigned URL expires:

Choose Minutes
For Number of minutes, enter 2
Choose Create presigned URL

From the banner at the top of the page, choose Copy presigned URL.

Open a new browser tab, and paste the URL you copied into the address bar.

A report is displayed in the web browser.

If you wait 5 minutes and use the link again, you will find that the URL has expired and no longer works.

Using a bucket policy to secure your bucket

You want to protect your website files and make sure that no one can delete them. To do this, you apply a bucket policy that denies delete privileges on your website files.

Return to the Amazon S3 console, and choose the Permissions tab.
Under Bucket policy, choose Edit
Copy the following policy text. In the Policy text editor, replace the existing policy text with this text:

{
  "Version": "2012-10-17",
  "Id": "MyBucketPolicy",
  "Statement": [
    {
      "Sid": "BucketPutDelete",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:DeleteObject",
      "Resource": [
        "arn:aws:s3:::/index.HTML",
        "arn:aws:s3:::/script.JS",
        "arn:aws:s3:::/style.CSS"
      ]
    }
  ]
}

This policy prevents everyone from deleting the three files that make your website work.

Next, you update the text in the policy editor. In the following lines of code in the policy editor, replace the placeholders with the name of your bucket.

    "arn:aws:s3:::/index.HTML",
    "arn:aws:s3:::/script.JS",
    "arn:aws:s3:::/style.CSS"

Your updated code should look similar to the following:

    "arn:aws:s3:::website-1234/index.HTML",
    "arn:aws:s3:::website-1234/script.JS",
    "arn:aws:s3:::website-1234/style.CSS"

Note: Your bucket name will be different. Be sure to use the name of the bucket that you created.

Choose Save changes

Return to the Objects tab.

Select index.HTML.

Choose Delete.

In the Delete objects panel, enter delete to confirm that you want to remove this file.

Choose Delete objects

Notice that the index.HTML file is listed in the Failed to delete pane.

This confirms that your policy is working and preventing the website's files from being deleted.

Choose Close to return to the Objects tab.
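
What this Deny statement does and does not cover, as an added example that is not part of the lab: the policy names one action, s3:DeleteObject, on three exact object ARNs, so overwriting an object (s3:PutObject), deleting a specific version (s3:DeleteObjectVersion), and keys that differ only in case are not matched. The matcher below is a simplified model that looks only at Effect, Action and Resource (Principal and Condition are ignored); website-1234 is the page's sample bucket name.

```python
from fnmatch import fnmatchcase

BUCKET = "website-1234"  # the page's sample name; your bucket name differs
POLICY = {
    "Version": "2012-10-17",
    "Id": "MyBucketPolicy",
    "Statement": [{
        "Sid": "BucketPutDelete",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:DeleteObject",
        "Resource": [f"arn:aws:s3:::{BUCKET}/{name}"
                     for name in ("index.HTML", "script.JS", "style.CSS")],
    }],
}

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def explicitly_denied(policy, action, resource):
    """True if a Deny statement matches this action on this resource ARN."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        # Action names compare case-insensitively; object keys in ARNs do not.
        # fnmatchcase approximates the policy wildcards * and ?.
        act = any(fnmatchcase(action.lower(), a.lower())
                  for a in _as_list(st["Action"]))
        res = any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
        if act and res:
            return True
    return False

def report(policy, bucket):
    """Evaluate a few constructed requests against the policy."""
    cases = [("s3:DeleteObject", "index.HTML"),         # the lab's delete test
             ("s3:DeleteObject", "index.html"),         # same name, other case
             ("s3:DeleteObject", "new-report.png"),     # not listed in Resource
             ("s3:PutObject", "index.HTML"),            # overwrite / update
             ("s3:DeleteObjectVersion", "index.HTML")]  # remove one version
    return {(a, k): explicitly_denied(policy, a, f"arn:aws:s3:::{bucket}/{k}")
            for a, k in cases}

if __name__ == "__main__":
    for (action, key), denied in report(POLICY, BUCKET).items():
        print(f"{action:24} {key:16} explicit deny: {denied}")
```

A result of False means only that this policy does not block the request; whether it succeeds still depends on the caller's other permissions.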

Updating the website

Although you have configured a policy to prevent deletion of website files, you can still update the website by editing the HTML file and uploading it to the S3 bucket again.

Amazon S3 is an object storage service, so you must upload the whole file. This action replaces the existing object in your bucket. You cannot edit the contents of an object; instead, you must replace the whole object.

On your computer, load the index.HTML file into a text editor (for example, Notepad or TextEdit).
Find the text Served from Amazon S3, and replace it with Created by followed by your name (for example, Created by Jane).
Save the file.
Return to the Amazon S3 console, and upload the index.HTML file that you just edited.
Choose index.HTML, and in the Actions menu, choose the Make public using ACL option again.
Choose Make public.
Return to the web browser tab with the static website, and refresh the page.
Your name should now be on the page.

Your static website is now accessible on the internet. Because it is hosted on Amazon S3, the website has high availability and can serve high volumes of traffic without using any servers.

Exploring file versions

Bucket versioning is turned off by default. When versioning is turned off, changes to objects can't be undone. For example, if you upload a new version of a file, the old file is replaced with the new one. The original file is lost. If you delete a file, it is permanently deleted, and you can't get it back.

However, when versioning is turned on, changed and deleted versions of files are saved. Previous versions of objects are not presented by default, but you can access them using the console or programmatically. Because you are keeping earlier versions of objects, you can recover them if you need to.

It is important to remember that once you turn on versioning, you cannot turn it off. However, you can suspend versioning. For more information on bucket versioning, see the Amazon Simple Storage Service User Guide.

Recall that when you created your bucket, you turned on versioning. In this task, you view the object versions available in your bucket.

Return to the Amazon S3 console, and choose the Objects tab.

Choose Show versions to turn on bucket versioning.

Review the list of objects in the bucket.

Notice that each file has a Version ID. These IDs are automatically generated by Amazon S3 when versioning is turned on.
You should also find two versions of the index.HTML file because you uploaded a new version of the file. The current version is the file that you uploaded when you updated your website.