AWS S3 is a Global service, meaning that it is available independent of AWS Region. You can find more on Global services and Region-specific services in AWS Services.
All objects in AWS S3 are stored in S3 buckets, and they can be organized with shared names called prefixes. S3 bucket names have to be unique across the AWS Cloud.
- Go to the AWS S3 console and click on Create bucket.
- Under General configuration, provide a bucket name and choose a Region.
  Though you can access AWS S3 globally, the bucket resides in the AWS Region you specify here, so in order to optimize latency, minimize costs, or address regulatory requirements, choose an AWS Region that is geographically close to you.
  There are several rules for S3 bucket naming; they can be found in S3 Bucket Naming Rules.
  For the S3 bucket, you must choose a name that is unique across all AWS accounts in all the AWS Regions within the cloud partition.
  If the bucket name already exists on AWS cloud, you will get an error saying so.
- Under Object Ownership, you can choose who can specify access to objects inside the bucket.
  More on S3 access with ACLs can be found here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acls.html
- Under Public Access settings for this bucket, you can specify how you want to let the public access the objects inside this bucket.
  - Block all public access: This is a strict NO to public access to objects inside this bucket.
  - Block public access to buckets and objects granted through new access control lists (ACLs): By choosing this option, S3 will block public access for newly added objects inside this bucket and also prevent creation of new public access through ACLs for existing objects in this bucket. If public access is already allowed for existing S3 objects through ACLs, that will not be affected.
  - Block public access to buckets and objects granted through any access control lists (ACLs): By choosing this option, S3 will ignore all ACLs that give public access to objects inside this bucket.
  - Block public access to buckets and objects granted through new public bucket or access point policies: By choosing this option, S3 will block new bucket and access point policies that grant public access to buckets and objects. This setting doesn't change any existing policies that allow public access to S3 resources.
  - Block public and cross-account access to buckets and objects through any public bucket or access point policies: By choosing this option, S3 will ignore public and cross-account access for buckets or access points with policies that grant public access to buckets and objects.
- Under Bucket Versioning, you can choose whether you want to enable or disable this feature in S3. If you enable it, then it keeps all versions of objects inside the bucket.
- Under Default encryption, you can choose whether or not to enable encryption for objects stored in the bucket.
  Note that enabling encryption only encrypts the objects once they have been uploaded to the S3 bucket. This is not in-transit encryption.
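
The choices made in the steps above can be checked once the bucket exists. The following is an added example, not part of the original walkthrough: it audits dicts shaped like the responses of the S3 GetPublicAccessBlock, GetBucketVersioning and GetBucketEncryption API calls. The function name `audit_bucket` and the sample responses are constructed for illustration.

```python
# Added example (not from the original page): audit the settings chosen above.
# Inputs are dicts shaped like S3 API responses; no AWS call is made.

# PublicAccessBlockConfiguration flag -> what stays possible when it is off.
BPA_FLAGS = {
    "BlockPublicAcls": "new public ACLs can still be added",
    "IgnorePublicAcls": "existing public ACLs are still honoured",
    "BlockPublicPolicy": "new public bucket or access point policies are accepted",
    "RestrictPublicBuckets": "public policies still allow public and cross-account access",
}


def audit_bucket(public_access_block, versioning, encryption):
    """Return a sorted list of findings for one bucket's configuration."""
    findings = []
    # A bucket with no public access block configured is treated as all-off.
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    for flag, risk in BPA_FLAGS.items():
        if cfg.get(flag) is not True:
            findings.append(f"{flag} is off: {risk}")
    # The versioning response has no Status when versioning was never enabled.
    status = (versioning or {}).get("Status", "Disabled")
    if status != "Enabled":
        findings.append(f"versioning is {status}")
    # Default encryption applies to stored objects only, not to data in transit.
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    if not any(algos):
        findings.append("no default encryption rule found")
    return sorted(findings)


# Constructed sample responses (not taken from a real account).
HARDENED = (
    {"PublicAccessBlockConfiguration": dict.fromkeys(BPA_FLAGS, True)},
    {"Status": "Enabled"},
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
)
PARTIAL = (
    {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                                        "BlockPublicPolicy": True, "RestrictPublicBuckets": False}},
    {"Status": "Suspended"},
    None,
)

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("partial", PARTIAL)):
        print(name, audit_bucket(*sample) or "no findings")
```

The "Block all public access" checkbox in the console corresponds to all four flags being true, which is the `HARDENED` case.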