Lab Information
As part of the data migration process, the Nautilus DevOps team is actively creating several S3 buckets on AWS. They plan to utilize both private and public S3 buckets to store the relevant data. Given the ongoing migration of other infrastructure to AWS, it is logical to consolidate data storage within the AWS environment as well.
Create a public S3 bucket named devops-s3-17460 using Terraform.
Ensure the bucket is accessible publicly once created by setting the proper ACL.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Notes:
Create the resources only in the us-east-1 region.
Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
The name of the S3 bucket should be based on devops-s3-17460.
You can use the ACL settings to ensure the bucket is publicly accessible.
Lab Solutions
Step 1: Create main.tf
# main.tf
# Create S3 bucket for public data storage
resource "aws_s3_bucket" "devops_bucket" {
bucket = "devops-s3-17460"
tags = {
Name = "devops-s3-17460"
}
}
# Configure bucket ACL for public read access
resource "aws_s3_bucket_acl" "devops_bucket_acl" {
bucket = aws_s3_bucket.devops_bucket.id
acl = "public-read"
}
# Disable public access block to allow public access
resource "aws_s3_bucket_public_access_block" "devops_bucket_public_access" {
bucket = aws_s3_bucket.devops_bucket.id
block_public_acls = false
block_public_policy = false
ignore_public_acls = false
restrict_public_buckets = false
}
Step2: To deploy this configuration
Navigate to the Terraform directory:
cd /home/bob/terraform
Initialize Terraform:
terraform init
Output
bob@iac-server ~/terraform via π default β terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Plan the deployment to verify the configuration:
terraform plan
Output
bob@iac-server ~/terraform via π default β terraform plan
Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.devops_bucket will be created
+ resource "aws_s3_bucket" "devops_bucket" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "devops-s3-17460"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags = {
+ "Name" = "devops-s3-17460"
}
+ tags_all = {
+ "Name" = "devops-s3-17460"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ cors_rule (known after apply)
+ grant (known after apply)
+ lifecycle_rule (known after apply)
+ logging (known after apply)
+ object_lock_configuration (known after apply)
+ replication_configuration (known after apply)
+ server_side_encryption_configuration (known after apply)
+ versioning (known after apply)
+ website (known after apply)
}
# aws_s3_bucket_acl.devops_bucket_acl will be created
+ resource "aws_s3_bucket_acl" "devops_bucket_acl" {
+ acl = "public-read"
+ bucket = (known after apply)
+ id = (known after apply)
+ access_control_policy (known after apply)
}
# aws_s3_bucket_public_access_block.devops_bucket_public_access will be created
+ resource "aws_s3_bucket_public_access_block" "devops_bucket_public_access" {
+ block_public_acls = false
+ block_public_policy = false
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = false
+ restrict_public_buckets = false
}
Plan: 3 to add, 0 to change, 0 to destroy.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to
take exactly these actions if you run "terraform apply" now.
Apply the configuration:
terraform apply
Then type yes when prompted to confirm the creation of the snapshot.
Output
bob@iac-server ~/terraform via π default β terraform apply
Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.devops_bucket will be created
+ resource "aws_s3_bucket" "devops_bucket" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "devops-s3-17460"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags = {
+ "Name" = "devops-s3-17460"
}
+ tags_all = {
+ "Name" = "devops-s3-17460"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ cors_rule (known after apply)
+ grant (known after apply)
+ lifecycle_rule (known after apply)
+ logging (known after apply)
+ object_lock_configuration (known after apply)
+ replication_configuration (known after apply)
+ server_side_encryption_configuration (known after apply)
+ versioning (known after apply)
+ website (known after apply)
}
# aws_s3_bucket_acl.devops_bucket_acl will be created
+ resource "aws_s3_bucket_acl" "devops_bucket_acl" {
+ acl = "public-read"
+ bucket = (known after apply)
+ id = (known after apply)
+ access_control_policy (known after apply)
}
# aws_s3_bucket_public_access_block.devops_bucket_public_access will be created
+ resource "aws_s3_bucket_public_access_block" "devops_bucket_public_access" {
+ block_public_acls = false
+ block_public_policy = false
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = false
+ restrict_public_buckets = false
}
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_s3_bucket.devops_bucket: Creating...
aws_s3_bucket.devops_bucket: Creation complete after 1s [id=devops-s3-17460]
aws_s3_bucket_public_access_block.devops_bucket_public_access: Creating...
aws_s3_bucket_acl.devops_bucket_acl: Creating...
aws_s3_bucket_public_access_block.devops_bucket_public_access: Creation complete after 0s [id=devops-s3-17460]
aws_s3_bucket_acl.devops_bucket_acl: Creation complete after 0s [id=devops-s3-17460,public-read]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Top comments (0)