1
00:00:00,030 --> 00:00:05,629
Okay so I'm just going to jump into the S3 console now and just give you a quick

2
00:00:05,629 --> 00:00:10,620
overview of what we mean by an access control list, what we mean by a bucket

3
00:00:10,620 --> 00:00:17,119
policy and how to create one. So I've just got a number of buckets here that I use for

4
00:00:17,119 --> 00:00:21,029
demonstration. So I've just got here I'll just select one of these buckets

5
00:00:21,029 --> 00:00:25,920
here and have a look at it. So we can see here we've got a number of objects here

6
00:00:25,920 --> 00:00:29,609
in the bucket that I've already uploaded. So I'm just going to look at the

7
00:00:29,609 --> 00:00:39,030
properties for this bucket. So here we go. If I look under permissions and I can

8
00:00:39,030 --> 00:00:44,640
see I've already got an access control list already created for me by Amazon

9
00:00:44,640 --> 00:00:47,789
Web Services, by the S3 service, already created that for me, I didn't have to do

10
00:00:47,789 --> 00:00:54,300
anything. So I can add another access control list to that. So I can click on

11
00:00:54,300 --> 00:00:58,020
here add more permissions and that in there. I can put more on there if I need

12
00:00:58,020 --> 00:01:04,199
to so I can grantee you know everyone access to it or to view it for

13
00:01:04,199 --> 00:01:11,159
example. Now we can also add a bucket policy to this bucket. So bucket policies

14
00:01:11,159 --> 00:01:15,990
they apply at the bucket level, they're not applied at the object level, so apply

15
00:01:15,990 --> 00:01:21,299
across an entire bucket so if we want to make this entire bucket to have read

16
00:01:21,299 --> 00:01:26,100
access to the entire public, that's what we can do or we can do a whole range of

17
00:01:26,100 --> 00:01:30,150
things, quite fine-grained control that we have with bucket policies.

18
00:01:30,150 --> 00:01:34,619
I'll just click on that which then opens up the bucket policy editor so we can

19
00:01:34,619 --> 00:01:39,360
put our bucket policy in here which is basically JSON code that we put in

20
00:01:39,360 --> 00:01:43,649
there or if we don't understand how to do that we can use the AWS policy

21
00:01:43,649 --> 00:01:48,329
generator or we can cut and paste some of the sample bucket policies that are

22
00:01:48,329 --> 00:01:53,220
available. So first off looking at the sample bucket policies we can see we've

23
00:01:53,220 --> 00:01:58,560
got quite a number there that we can use, all you do is just basically copy those

24
00:01:58,560 --> 00:02:02,040
and just change your bucket name, or whatever you need to change, to make that

25
00:02:02,040 --> 00:02:08,459
work for you. So I'm going to use the AWS policy generator so that's quite a good

26
00:02:08,459 --> 00:02:12,989
service because what it does is it really speeds up the process and really

27
00:02:12,989 --> 00:02:15,150
takes away any errors that you're going to have in

28
00:02:15,150 --> 00:02:22,650
manually writing up a JSON file for a backup policy. So first thing we do is we

29
00:02:22,650 --> 00:02:28,320
select the type of policy which is an S3 bucket policy, the effect is allow or

30
00:02:28,320 --> 00:02:33,690
deny. So we're going to just create full public access

31
00:02:33,690 --> 00:02:38,670
to make life easier. So the principal, now that's going to be the user or account

32
00:02:38,670 --> 00:02:43,620
or whatever that we're going to apply this bucket policy to, so we're just

33
00:02:43,620 --> 00:02:46,800
going to apply it to everyone, so the entire public so that'll be a wildcard

34
00:02:46,800 --> 00:02:55,620
symbol to do that.
Now the action, so we need to select an action and again to

35
00:02:55,620 --> 00:02:59,880
make so there are a number of actions we can select so it's a very fine-grained

36
00:02:59,880 --> 00:03:05,040
control that you wouldn't get with an access control list, so that's what we

37
00:03:05,040 --> 00:03:08,520
mean by fine-grained control here, so we're just going to select all actions

38
00:03:08,520 --> 00:03:12,690
just to make life easier. Which is probably something that you wouldn't

39
00:03:12,690 --> 00:03:21,210
normally do but for the purposes of an example we'll do that. So the ARN, the

40
00:03:21,210 --> 00:03:25,170
Amazon Resource Name for an S3 bucket follows the following format which we can

41
00:03:25,170 --> 00:03:30,530
see down here. So I'm just going to cut and or copy and paste that across

42
00:03:47,130 --> 00:03:50,940
Okay so we've just got our ARN there set up in the format that it's

43
00:03:50,940 --> 00:03:55,080
supposed to be and we can now, we're not going to add any further conditions so

44
00:03:55,080 --> 00:04:01,500
that's an optional step and we can now add that statement to our bucket

45
00:04:01,500 --> 00:04:06,030
policy. So there we can see the principal is everyone, the action is all actions on

46
00:04:06,030 --> 00:04:11,760
S3 and the resource there is our lab.backspace.academy bucket. So we can now

47
00:04:11,760 --> 00:04:17,160
generate that policy and so there's our generated policy, so we can now copy and

48
00:04:17,160 --> 00:04:30,120
paste that over to our bucket policy editor. Okay so there's our bucket policy

49
00:04:30,120 --> 00:04:33,840
that has been created put in our bucket policy editor. We now click on save and

50
00:04:33,840 --> 00:04:42,210
that will be uploaded. Okay so there's our bucket policy has been

51
00:04:42,210 --> 00:04:45,720
created there.
So we just look at the edit bucket policy and you can see it's

52
00:04:45,720 --> 00:04:53,430
there and I'll just delete that now. So another thing I want to have a look at

53
00:04:53,430 --> 00:04:58,170
now is just to show the differences between the properties of a bucket and

54
00:04:58,170 --> 00:05:05,970
an object. So just going to click on an object now and if we go into permissions

55
00:05:05,970 --> 00:05:10,830
there we can see that again we've got our access control lists but we don't

56
00:05:10,830 --> 00:05:15,150
have the option there to put a bucket policy on. So there's our difference so a

57
00:05:15,150 --> 00:05:18,990
bucket policy is applied at the bucket only whereas an access control list will

58
00:05:18,990 --> 00:05:24,750
be applied at both the bucket level or at the object level. So that brings us to

59
00:05:24,750 --> 00:05:29,790
the end of the core knowledge that you require for Amazon S3 and hopefully

60
00:05:29,790 --> 00:05:34,980
we've got to that very quickly and got to it as painless as possible and I

61
00:05:34,980 --> 00:05:38,000
look forward to you in the next videos.