hands-on lab

Building a Serverless Versioning Solution for Amazon S3 Bucket Policies

Difficulty: Beginner
Duration: Up to 1 hour
Students: 61

Description

Amazon S3 bucket policies secure access to the objects in an S3 bucket by allowing access only to users with the appropriate permissions. As a project or team grows, the required permissions change, which means updating the S3 bucket policy.

Versioning allows teams to maintain a history of changes made to S3 bucket policies, with the added benefit of being able to restore previous policy versions if the need arises.

In this lab, you will create a backup and restore solution for Amazon S3 bucket policies. You will build a serverless architecture that uses Amazon EventBridge, Amazon DynamoDB, and AWS Lambda to register S3 bucket policies whenever a new version is created, and to restore a previously registered version on demand.
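To make the architecture concrete before the guided steps, here is an added Python sketch of the two Lambda functions (register and restore). It is not the lab's own code and the lab's validations do not depend on it. It assumes a hypothetical DynamoDB table named BucketPolicyVersions with partition key BucketName and sort key Version, reads the bucket name from the EventBridge event that CloudTrail delivers for PutBucketPolicy, and replaces the two boto3 clients with constructed in-memory stand-ins so that the demo runs offline. Two details a practitioner would want are included: a canonical digest so a re-upload of an identical policy does not create a new version, and a conditional write so that two concurrent events cannot silently overwrite the same version number.

```python
# Added example (not the lab's code): register and restore S3 bucket policy versions.
import hashlib
import json

# Assumed DynamoDB layout (hypothetical table name): partition key BucketName (S), sort key Version (N).
TABLE_NAME = "BucketPolicyVersions"


def policy_digest(policy_json):
    # SHA-256 over canonical JSON, so a re-upload that only reorders keys or changes whitespace is not a new version.
    canonical = json.dumps(json.loads(policy_json), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def bucket_from_event(event):
    # Bucket name from an EventBridge "AWS API Call via CloudTrail" event; anything but s3:PutBucketPolicy is ignored.
    detail = event.get("detail") or {}
    if detail.get("eventSource") != "s3.amazonaws.com" or detail.get("eventName") != "PutBucketPolicy":
        return None
    return (detail.get("requestParameters") or {}).get("bucketName")


def latest_version(ddb, bucket):
    # Newest item for the bucket: sort key descending, limit 1.
    resp = ddb.query(TableName=TABLE_NAME, KeyConditionExpression="BucketName = :b",
                     ExpressionAttributeValues={":b": {"S": bucket}}, ScanIndexForward=False, Limit=1)
    items = resp.get("Items", [])
    return items[0] if items else None


def register_policy(event, s3, ddb):
    # Registration Lambda: read the policy now in force and store it as the next version.
    bucket = bucket_from_event(event)
    if bucket is None:
        return {"status": "ignored"}
    policy = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    digest = policy_digest(policy)
    prev = latest_version(ddb, bucket)
    if prev is not None and prev["Digest"]["S"] == digest:
        return {"status": "unchanged", "version": int(prev["Version"]["N"])}
    version = int(prev["Version"]["N"]) + 1 if prev else 1
    detail = event["detail"]
    # The condition makes two concurrent events that computed the same version number fail instead of overwriting.
    ddb.put_item(TableName=TABLE_NAME, ConditionExpression="attribute_not_exists(Version)", Item={
        "BucketName": {"S": bucket}, "Version": {"N": str(version)}, "Digest": {"S": digest},
        "Policy": {"S": policy}, "ChangedAt": {"S": detail.get("eventTime", "")},
        "ChangedBy": {"S": (detail.get("userIdentity") or {}).get("arn", "unknown")}})
    return {"status": "registered", "version": version}


def restore_policy(bucket, version, s3, ddb):
    # Restore Lambda: put a stored version back. The PutBucketPolicy it causes is itself registered.
    resp = ddb.get_item(TableName=TABLE_NAME, Key={"BucketName": {"S": bucket}, "Version": {"N": str(version)}})
    item = resp.get("Item")
    if item is None:
        raise KeyError(f"no version {version} recorded for bucket {bucket}")
    s3.put_bucket_policy(Bucket=bucket, Policy=item["Policy"]["S"])
    return {"status": "restored", "version": version}


# Constructed in-memory stand-ins for the two boto3 clients so the demo runs offline;
# a deployed Lambda would pass boto3.client("s3") and boto3.client("dynamodb") instead.
class FakeS3:
    def __init__(self, policies): self.policies = dict(policies)
    def get_bucket_policy(self, Bucket): return {"Policy": self.policies[Bucket]}
    def put_bucket_policy(self, Bucket, Policy): self.policies[Bucket] = Policy


class FakeDynamoDB:
    def __init__(self): self.items = {}
    def put_item(self, TableName, Item, ConditionExpression=None):
        key = (Item["BucketName"]["S"], int(Item["Version"]["N"]))
        if ConditionExpression and key in self.items:
            raise RuntimeError("ConditionalCheckFailedException")
        self.items[key] = Item
    def get_item(self, TableName, Key):
        item = self.items.get((Key["BucketName"]["S"], int(Key["Version"]["N"])))
        return {"Item": item} if item else {}
    def query(self, TableName, KeyConditionExpression, ExpressionAttributeValues, ScanIndexForward=True, Limit=None):
        rows = [it for (b, _), it in self.items.items() if b == ExpressionAttributeValues[":b"]["S"]]
        rows.sort(key=lambda it: int(it["Version"]["N"]), reverse=not ScanIndexForward)
        return {"Items": rows[:Limit] if Limit else rows}


def put_event(bucket):
    # Constructed event in the shape CloudTrail delivers to EventBridge for PutBucketPolicy.
    return {"detail-type": "AWS API Call via CloudTrail", "source": "aws.s3",
            "detail": {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
                       "eventTime": "2024-04-05T10:00:00Z", "requestParameters": {"bucketName": bucket},
                       "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}}


def demo():
    # One bucket: a scoped policy, a change that opens it to any principal, a no-op re-upload, then a rollback.
    stmt = {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
    v1 = json.dumps({"Version": "2012-10-17", "Statement": [dict(stmt, Principal={"AWS": "arn:aws:iam::123456789012:role/app"})]})
    v2 = json.dumps({"Version": "2012-10-17", "Statement": [dict(stmt, Principal="*")]})
    s3, ddb, ev = FakeS3({"example-bucket": v1}), FakeDynamoDB(), put_event("example-bucket")
    results = [register_policy(ev, s3, ddb)]
    s3.put_bucket_policy(Bucket="example-bucket", Policy=v2)
    results.append(register_policy(ev, s3, ddb))
    results.append(register_policy(ev, s3, ddb))   # same content again: no new version
    results.append(restore_policy("example-bucket", 1, s3, ddb))
    results.append(register_policy(ev, s3, ddb))   # the rollback's own PutBucketPolicy event
    return results, s3.policies["example-bucket"] == v1, len(ddb.items)
```

Note that a restore is deliberately not a rewind: the rollback's own PutBucketPolicy event is registered as a fresh version, so the history still shows that the bucket was briefly open to any principal and who put it back. In a real deployment the restore Lambda's execution role needs s3:PutBucketPolicy on the bucket and the registering role needs s3:GetBucketPolicy, and both need only the dynamodb actions shown above on the one table.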

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Create an Amazon EventBridge rule to target an Amazon S3 management event
  • Define an AWS Lambda function that registers S3 bucket policies in DynamoDB
  • Define an AWS Lambda function that restores S3 bucket policy versions from DynamoDB

Intended audiences

  • Candidates for AWS Certified Developer - Associate Certification
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Amazon EventBridge
  • Amazon Simple Storage Service (S3)
  • AWS Lambda
  • Amazon DynamoDB

The following content can be used to fulfill the prerequisites:


Updates

April 5th, 2024 - Updated the instructions and screenshots to reflect the latest UI

December 7th, 2023 - Updated DynamoDB configuration


Environment before

Environment after

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Targeting an S3 event using an Amazon EventBridge rule
Registering bucket policies with AWS Lambda
Triggering a Lambda function with an S3 event
Restoring bucket policies with AWS Lambda