Amazon AWS SysOps – S3 Fundamentals Part 3
- S3 Websites
Okay, so now let’s talk about S3 websites. S3 can host static websites and have them accessible on the World Wide Web, and the website URLs will be very simple: it will be an HTTP endpoint. It can take one of two forms, depending on the region you’re in. The idea is that it starts with the bucket name, then s3-website, then the AWS region, then amazonaws.com. And if you enable it for a website but you don’t set a bucket policy that allows public access to your bucket, you will get a 403 Forbidden error, and we’ll see how to fix this in this hands-on. So let’s go ahead and enable our S3 bucket as a website. Okay, so I am in my bucket, and what I want to do is upload a few files in here so that we can start displaying some HTML.
So I have created an index.html file, which is an HTML file, and you don’t need to know HTML right now. The important part is right here: we’re just saying this is my first web page, it says “I love coffee” and “Hello world”, and it’s going to load an image named coffee.jpg. That’s all it does. Everything else here is in comments; we’ll see it in the next lecture, which is about CORS. Okay. The other thing I have is an error.html page, which just says “There was an error” if we do get an error; that’s the only thing it does. So let’s go back to Amazon S3 and upload these two files, my index.html and my error.html: we’ll select them and click on Upload. And here we go, these files are getting uploaded into my bucket. And actually, no, I’m getting errors.
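As a side note, a minimal index.html like the one just described might look roughly like this sketch; the exact markup in the course files may differ, and the CORS demo section stays commented out for now:

```html
<!DOCTYPE html>
<html>
  <head>
    <title>My First Webpage</title>
  </head>
  <body>
    <!-- Simple static page served by the S3 website endpoint -->
    <h1>I love coffee</h1>
    <p>Hello world!</p>
    <!-- Image loaded from the same bucket -->
    <img src="coffee.jpg" alt="coffee" width="400" />
    <!-- A CORS demo section is commented out here; we enable it in a later lecture -->
  </body>
</html>
```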
Why am I getting errors? You should know why. If I go to Permissions and then Bucket policy, I did have a bucket policy which forced me to upload files encrypted. So what I need to do is remove this bucket policy. Here I am in my bucket policy editor; I could select all of this policy text and remove it, but actually I can just click on Delete, then confirm Delete, and here we go, my bucket policy is deleted. Now that this bucket policy is gone, I should be able to re-upload my files. Please note that when you update a bucket policy, it can take a bit of time to be reflected on your S3 bucket. So if you try to re-upload these two files, index.html and error.html, right away, you may still get an error if you go too fast. If you do get an error, try again and it should work.
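For context, the policy I just deleted was the one from the earlier encryption lecture; a policy like that typically denies any PutObject request that doesn’t carry the server-side encryption header, along the lines of this sketch (the bucket name is a placeholder for your own):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnencryptedUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket-name/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```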
Okay, so now we have my coffee.jpg, my error.html and my index.html. What I’m going to do is go to Properties and then Static website hosting, and I will say, yes, please use this bucket to host a website. The index document is the document served by default, which is index.html, and the error document is the document that will be shown in case I hit a wrong URL, which is error.html. For redirection rules, we’ll just leave it empty and click on Save. So now what I get here is an endpoint, which is right here, and this is my website hosted on S3.
So let’s try it out. We’ll go ahead and click on this endpoint, and what I’m getting is a 403 Forbidden, access denied. Pretty weird, right? We did enable static website hosting, we do have an index.html, but we’re still not able to access our files. Well, when you think about it, this website is a public website on the public web, but this S3 bucket is a private bucket. So we need to make sure this S3 bucket becomes public so that we can access our files in here. To do so, we need to do two things, if you remember correctly. First, we need to change the Block Public Access settings to allow this bucket to become a public bucket. So I’m going to go and edit the settings, uncheck everything, and click on Save.
Now we confirm by typing “confirm”. We’ve allowed this bucket to become public, but that alone is not enough to actually make it public, so if I refresh, I still get a 403 Forbidden error. To make this bucket public, we need to create a bucket policy. What’s the best way to create a bucket policy? Using the policy generator. So we want to create an S3 Bucket Policy, and we want to allow anyone, so we’ll have a star for the principal, to view the website on Amazon S3. And to view the website, the action we need is GetObject, so s3:GetObject.
Now, finally, the ARN. Again, we need to get the ARN of our bucket, so let’s just copy it from here and paste it there, and don’t forget to append a slash and a star. Then add the statement and generate the policy. This is the bucket policy that will make our S3 bucket public, so let’s go ahead and click on Save. Now we get a message saying this bucket has public access: “You have provided public access to this bucket. We highly recommend that you never grant any kind of public access to your S3 buckets”, except, of course, when you make a website. So the Block Public Access settings are all disabled, and as you can see, the bucket policy is a public bucket policy.
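The generated policy ends up being the classic public-read policy; a sketch of it looks like this (again, the bucket name here is a placeholder for your own):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket-name/*"
    }
  ]
}
```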
So now we have the big “Public” badge in here. And actually, if you go back to the Amazon S3 bucket list, you will see as well that this bucket says Public, with a very big warning sign, but that’s okay, because we intended this bucket to become public. So back in our website, if we refresh the page now, we get our index.html file loaded, and it says “I love coffee. Hello world”, and it did load our coffee image directly from the bucket, this one right here. Pretty cool, it is working fine, and it is using the full S3 website URL: the bucket name, then s3-website, then my region, then amazonaws.com.
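To make that endpoint format concrete, here is a sketch of the two website URL forms (bucket name and region are placeholders; whether a dash or a dot follows s3-website depends on the region):

```text
http://<bucket-name>.s3-website-<aws-region>.amazonaws.com
http://<bucket-name>.s3-website.<aws-region>.amazonaws.com
```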
And if I try something else, for example /lol, it says, oh, there was an error, and this is the error message we are getting from our error.html web page. Okay, so this is working really great. We have an S3 website enabled, and I will see you in the next lecture to discuss cross-origin resource sharing, or CORS.
- S3 CORS
So now let’s talk about CORS, or cross-origin resource sharing. This is a complicated concept, but it does come up at the exam in very simple use cases. Still, I want to go deep into CORS to really explain how it works, because it will make answering the questions extremely easy. So what is an origin? An origin is a scheme (a protocol), a host (a domain) and a port. In English, what that means is that, for example, https://www.example.com is an origin where the scheme is HTTPS, the host is www.example.com, and the port is 443. Why 443? Because as soon as you have HTTPS, 443 is the implied port. Okay, so CORS means cross-origin resource sharing, and that means we want to get resources from a different origin.
Web browsers have this security in place: CORS basically says that as soon as you visit a website, you can make requests to other origins only if those other origins allow you to make these requests. This is browser-based security. So what is the same origin, and what is a different origin? Well, for example, http://example.com/app1 and http://example.com/app2 are the same origin, so we can make requests from the web browser from the first URL to the second URL, because this is the same origin.
But if you visit, for example, www.example.com and then you ask your web browser to make a request to a different domain, such as other.example.com, this is what’s called a cross-origin request, and your web browser will block it unless you have the correct CORS headers; we’ll see what these are in a second. So now that we know what the same origin and a different origin are, we know that the request will not be fulfilled unless the other origin allows for the request using the CORS headers, and the CORS header you will see in the hands-on is called Access-Control-Allow-Origin.
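As an illustrative comparison (these URLs are just examples, not from the course slides), same-origin versus cross-origin looks like this:

```text
Origin you visited:      https://www.example.com        (scheme https, host www.example.com, port 443)

Same origin:             https://www.example.com/app1   -> same scheme, host and port: no CORS needed
Cross origin (host):     https://other.example.com      -> different host: CORS headers required
Cross origin (scheme):   http://www.example.com         -> different scheme and port: CORS headers required
Cross origin (port):     https://www.example.com:8443   -> different port: CORS headers required
```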
Okay, so that’s just the theory; now let’s look at the diagram, it will make a lot more sense. Here’s our web browser, and it visits our first web server. Because this is the first visit we do, that server is called the origin; for example, our web server is at https://www.example.com. Okay, great. And there is a second web server, called the cross-origin because it has a different URL, which is https://www.other.com. So the web browser visits our first origin, and the files loaded from the origin ask it to make a request to the cross-origin. What the web browser will do first is what’s called a preflight request.
This preflight request is going to ask the cross-origin whether the browser is allowed to make a request on it. So it’s going to say: hey cross-origin, the website https://www.example.com is sending me to you, can I make a request onto your website? And the cross-origin replies: yes, here is what you can do. The Access-Control-Allow-Origin header says whether this website is allowed or not, and yes, it is allowed, because it matches the origin we had on the left-hand side, the green one, and the methods that are authorized are GET, PUT and DELETE. So we can get a file, delete a file or update a file. Okay, so this is what the cross-origin is allowing the web browser to do.
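As a sketch (the hostnames are just the example values from the diagram), the preflight exchange looks roughly like this:

```text
# Preflight request sent by the browser to the cross-origin
OPTIONS /resource HTTP/1.1
Host: www.other.com
Origin: https://www.example.com
Access-Control-Request-Method: GET

# Preflight response from the cross-origin allowing the request
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Allow-Methods: GET, PUT, DELETE
```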
So this is the CORS mechanism, and therefore, because our web browser has been authorized to do so, it can then issue, for example, a GET to this URL, and it will be allowed, because the CORS headers received previously allowed the web browser to make this request. Okay, this may be new to you, this may be a lot, but you need to understand it before we go into the next use case, which is S3 CORS. If a client does a cross-origin request on our S3 bucket enabled as a website, then we need to enable the right CORS headers. It’s a very popular exam question, so you need to understand when we need to enable CORS headers and where we need to enable them. We’ll see this in the hands-on as well. We can allow a specific origin by specifying the entire origin name, or a star for all origins.
So let’s have a look. The web browser, for example, is getting HTML files from our bucket, and our bucket is enabled as a website. But there is a second bucket that is going to be our cross-origin bucket, also enabled as a website, that contains some files we want. So we’re going to do a GET for index.html, and the website will say, okay, here is your index.html, and that file is going to say you need to perform a GET for another file on the other origin. If the other bucket is configured with the right CORS headers, then the web browser will be able to make the request; if not, it will not be able to, and that is the whole purpose of CORS. So as we can see here, the CORS headers have to be defined on the cross-origin bucket, not the first origin bucket. Okay, so this is just the theory. We’re going to go into the hands-on to see these concepts in a much more practical way. That was it for this lecture, and I will see you in the next lecture.
- S3 CORS Hands On
Okay, so I am back in my editor, and I want to upload a new version of index.html. I’m going to demo CORS, and therefore I need to uncomment this part of my code. So right under “CORS demo”, you need to remove the comment opener to the left of the div and the comment closer to the right of the script; that’s all you need to do, then you save it. As we can see in this file, and you don’t need to be an HTML expert, it’s going to do a fetch of extra-page.html. This is the request it’s going to make right now, but on the same origin: fetch extra-page.html on the same origin. And this extra page contains “Hey, this extra page has been successfully loaded.” Okay, so let’s go ahead and upload these two files and see what happens. We’re going to go ahead, take these files, index.html and extra-page.html, and upload them.
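For reference, the uncommented section behaves roughly like this sketch (the element id, file name and wording are illustrative; the actual course file may differ slightly):

```html
<!-- CORS demo -->
<div id="extra-content"></div>
<script>
  // Fetch the extra page (same origin for now) and inject its HTML into the div above
  fetch("extra-page.html")
    .then((response) => response.text())
    .then((html) => {
      document.getElementById("extra-content").innerHTML = html;
    })
    .catch((error) => console.error("Failed to load extra page:", error));
</script>
```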
Excellent, they’re uploaded. So now if we go to our website and append /extra-page.html, we should see “this extra page has been successfully loaded”. So this is great, this is working fine. And if we go to our main page, index.html, we can see that right below the coffee photo it says “this extra page has been successfully loaded”. So as we can see, when we do a same-origin request using fetch, it works. But what if we put this extra-page.html file in another S3 bucket? Let’s go and open Amazon S3, and I’m going to create a new bucket called the-bucket-of-stephane-2020-assets. Okay, so this is another bucket, in the same region. I’m going to uncheck all the Block Public Access settings, because we want to make this bucket public, and I’ll create the bucket, acknowledging that it is going to become a public bucket as soon as I add my bucket policy. So I’m going to go in here and add a bucket policy.
The bucket policy is going to be very similar to the one before; I just need to change it a little bit, so I’m going to add “-assets” to the bucket name in the resource ARN. Okay, now we have the right bucket name in here, and this should make my bucket public, and very soon the console says, yes, my bucket is now public. I’m also going to enable static website hosting on this bucket; I’m just going to say index.html here, which will be more than enough, and press Save. Finally, I need to upload my extra page, so I’m going to upload extra-page.html in here, and yes, it is uploaded. So now if I open up my second S3 static website and go to /extra-page.html, as you can see, it works. So what we’ve done here is create a second bucket with just this extra-page.html file.
And that file is loaded successfully when we use the entire URL, so this is great. Okay, next, in the first bucket here, I’m going to delete that extra page: Actions and then Delete. Yes, my file has been deleted. Now I’m going to go to my index.html and, instead of fetching extra-page.html from the same origin, what I want is to fetch the extra page from my other bucket. So I’m going to copy the entire URL of the assets website and paste it here, and now it does a fetch over HTTP from my other bucket, my assets bucket, for this page right here.
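After that change, the fetch in index.html points at the assets bucket’s website endpoint instead of the relative path, roughly like this sketch (the bucket name, region and element id are placeholders):

```html
<script>
  // Now the fetch is cross-origin: the extra page lives on the assets bucket's website endpoint
  fetch("http://my-bucket-name-assets.s3-website.eu-west-1.amazonaws.com/extra-page.html")
    .then((response) => response.text())
    .then((html) => {
      document.getElementById("extra-content").innerHTML = html;
    });
</script>
```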
Okay, so now we’re going to update this file in the first bucket: I’m going to add a file, select index.html, and upload, and now it’s been overwritten. Let’s go to my first web page, and I’m going to open the Chrome developer console. This is something you can do by going to the menu, then More tools, then Developer Tools. We’ll go to the Console tab and refresh the page; this is going to give us some information. As we can see, right now the page hasn’t been refreshed yet, so the extra text is still at the bottom. But now I refresh the page, the text at the bottom has disappeared, and on the right-hand side we’re getting a lot of errors. Here is the error: access to fetch this resource from this origin has been blocked.
So the second origin is inaccessible from the first origin, because no Access-Control-Allow-Origin header is present on the requested resource. This website here is not allowed to access the other website, because we haven’t defined the correct CORS headers, and this is exactly the case I was showing you in the previous lecture. For it to work, we need to change the CORS configuration on the second bucket, the assets bucket, to allow requests to be made from my first origin. So we’re going to go to my second bucket and open the CORS configuration. In here, I want to copy the CORS configuration from the cors-config file in the course code: I copy everything and paste it. And in the AllowedOrigin field, we need to enter the bucket URL we’re making the request from. For me, that’s my web page, our first bucket’s website URL, so I’m going to copy it and paste it here.
Here we go. So we have an allowed origin of http:// followed by the entire bucket website hostname, and I’m going to remove the trailing slash just in case. So we’re saying the allowed origin is this one. That is one way of doing it, and you can save it. Or, if you want to make it very simple, or if it doesn’t work for you, just put a star, which should work equally well; that allows any origin to get files from this bucket. So I click on Save, but the star would do it as well. And now I’m going to refresh the page, and because we have set the correct CORS headers on the second bucket, this should work.
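For reference, a CORS configuration along these lines (in the XML format used by the S3 console at the time of this recording; the newer console takes a JSON equivalent) might look like this sketch, with a placeholder website origin:

```xml
<CORSConfiguration>
  <CORSRule>
    <!-- Allow only our first bucket's website endpoint (or use * to allow any origin) -->
    <AllowedOrigin>http://my-bucket-name.s3-website.eu-west-1.amazonaws.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
```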
So let’s reload this page and, yes, “this extra page has been successfully loaded”; as we can see, everything worked nicely. We can also verify this by going into the Network tab: if we clear everything and refresh the page, we can see this extra page right here being loaded. And if I click on it, the request URL is the one we specified, the method is GET, and then we are getting some response headers: Access-Control-Allow-Methods with GET, Access-Control-Allow-Origin with the origin we have set, the max age, and so on.
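As a sketch, the response headers on that cross-origin GET look roughly like this (the exact values depend on the CORS rule you saved, plus a couple of other headers S3 adds):

```text
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://my-bucket-name.s3-website.eu-west-1.amazonaws.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Content-Type: text/html
```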
So these headers right here allowed this cross-origin request to complete successfully. This is a lot of information I just gave you, but it shows you how CORS works in depth. Going into the exam, you don’t need to know exactly how to configure CORS, but remember that if one website makes a request on another website, then that other website needs to have the correct CORS headers defined for that request to complete successfully. And that’s the whole demo of CORS. I hope you liked it, I hope it made sense, and I will see you in the next lecture.
- S3 Consistency Model
Now, let’s talk about the Amazon S3 consistency model. Amazon S3 is an eventually consistent system: Amazon S3 is made of multiple servers, and when you write to Amazon S3, those servers replicate the data between each other, which is what leads to different consistency behaviors. So you need to know a few rules. You get read-after-write consistency for PUTs of new objects. That means that as soon as you upload a new object, once you get a successful response from Amazon S3, you can do a GET of that object and retrieve it. In other words, if you do a successful PUT, so PUT 200 (200 means OK), then you can do a GET and that GET will be 200 as well.
This is true except if you do a GET before doing the PUT, to check whether the object exists. So if you do a GET and get a 404 because the object doesn’t exist, then you do a PUT, there’s a chance that a GET right afterwards still returns a 404, even though the object was already uploaded. This is what’s called eventually consistent. You also get this eventual consistency on DELETEs and PUTs of existing objects. In English, that means that if you read an object right after updating it, you may get the older version of that object. So if you do a PUT on an existing object and get a PUT 200, then you do another PUT and get a PUT 200, and then you do a GET, the GET might return the older version if you’re very quick. The way to get the newer version is just to wait a little bit.
This is why it’s called eventual consistency. And if you delete an object, you might still be able to retrieve it for a very short time. So if you do a DELETE of an object and a GET right after, you may get a successful GET, a GET 200. This is because it’s eventually consistent. If you retry after a second or five seconds, then the GET will give you a 404, because the object has been deleted. So this eventual consistency model is something you should know going into the exam.
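To summarize the scenarios from this lecture, here is a sketch of the request timelines described above (object names are placeholders, status codes as in the lecture):

```text
New object (read-after-write consistency):
  PUT /new-object -> 200        GET /new-object -> 200

New object, but a GET was issued first:
  GET /new-object -> 404        PUT /new-object -> 200        GET /new-object -> may still be 404 briefly

Overwrite of an existing object (eventual consistency):
  PUT /object (v1) -> 200       PUT /object (v2) -> 200       GET /object -> may return v1 briefly

Delete of an existing object (eventual consistency):
  DELETE /object -> ok          GET /object -> may be 200 briefly, then 404
```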
So it’s very simple: you get read-after-write consistency for PUTs of new objects, and eventual consistency for DELETEs and PUTs of existing objects. Super simple rules. Finally, I’ve had this question many times in the Q&A, so I’m going to answer it right now: there is no way to request strong consistency in Amazon S3. You only get eventual consistency, and there is no API to request strong consistency. That means that if you overwrite an object, you need to wait a little bit before you can be certain that a GET returns the newest version of your object. Okay, that’s it for this lecture. I hope you liked it, and I will see you in the next lecture.