
# AWS S3 Hands-On — Controlling Public Access using AWS Console

### 🎯 Objective
In this lab, you will learn how to:
- Create an **Amazon S3 bucket** (private by default)
- Upload a dataset (`orders.csv`)
- Understand **S3 public access settings**
- Make the bucket/object publicly accessible
- Verify access via **public URL in an incognito window**

---

### 🧠 Key Learning Outcomes
- Understand S3’s default access controls (private by default)
- Learn how to manage **Block Public Access** settings
- Understand **Bucket Policies** and **Object Permissions**
- Safely test and verify S3 object accessibility

---

### ⚙️ Prerequisites
Before you start, ensure the following:

1. You have an **AWS Account** with access to S3 service.  
2. The dataset file `orders.csv` is available locally on your computer.  
3. Internet browser with **incognito/private mode** for testing public access.  
4. Region used: `us-east-1`.  

---



## Step 1: Create a New S3 Bucket

1. Sign in to **AWS Management Console**.  
2. Navigate to **Services → S3 → Buckets → Create bucket**.  
3. Enter a **unique bucket name**, for example:  
   `my-orders-dataset-demo`  
4. Choose region: **US East (N. Virginia) – us-east-1**.  
5. **Block Public Access settings for this bucket:**  
   - Keep all options **enabled** (default).  
   - ✅ This ensures your bucket is **private** by default.  
6. Leave remaining options as default.  
7. Click **Create bucket**.  

✅ The bucket is created successfully and is private.

---



## Step 2: Upload the Dataset (`orders.csv`)

1. Open your newly created bucket.  
2. Click **Upload** → **Add files**.  
3. Select your local file `orders.csv`.  
4. Leave storage class and encryption options as default.  
5. Click **Upload**.  

✅ The dataset is now uploaded inside your S3 bucket.

---



## Step 3: Verify File Access (Private by Default)

1. Select the file `orders.csv` in your bucket.  
2. Click on the **Object URL** shown at the top-right.  
3. A new browser tab will open. You should see an **Access Denied** message.

This is because **S3 buckets and objects are private by default.**  
AWS requires explicit permissions for public access.

✅ You have confirmed that the file is **not publicly accessible**.

---



## Step 4: Make the Object Public

### Option 1: Change Object-Level Permissions

1. In the S3 bucket, select your file `orders.csv`.  
2. Go to the **Permissions** tab.  
3. Scroll to **Access control list (ACL)**.  
4. Click **Edit**.  
5. Under **Public access**, check the box:  
   ✅ *Everyone (public access)* → *Read object*.  
6. Click **Save changes**.

### Option 2: Modify Bucket-Level Public Access Settings (if needed)

If you get a warning saying “Public access is blocked,” follow these steps:

1. Go to the **Permissions** tab of the bucket.  
2. Under **Block public access (bucket settings)**, click **Edit**.  
3. Uncheck the box **Block all public access**.  
4. Acknowledge the warning and click **Save changes**.  
5. Return to the object and enable public access again (using ACL as above).

✅ You have now made your S3 object publicly accessible.

---



## Step 5: Verify Public Access using Object URL

1. Copy the **Object URL** of `orders.csv`.  
   Example:  
   ```
   https://my-orders-dataset-demo.s3.amazonaws.com/orders.csv
   ```

2. Open a new **Incognito / Private browser window**.  
3. Paste the URL in the address bar and press Enter.  
4. You should now see the content of your `orders.csv` file displayed in the browser or prompted for download.

✅ Verification successful — the object is now public.

---



## Step 6: (Optional) Revert to Private Access

Once testing is complete, it’s a best practice to revert permissions.

1. Return to the **S3 Console → Bucket → Permissions**.  
2. Re-enable the **Block all public access** setting.  
3. Remove the “Everyone” permission from the object ACL.  

✅ Your bucket and objects are now private again.

---



## 🔍 Reflection and Key Takeaways

| Step | Concept | Key Learning |
|------|----------|--------------|
| Create | S3 Bucket | Buckets are private by default |
| Upload | Object Management | Uploaded data is secured until made public |
| Access Test | Permission Model | “Access Denied” validates private-by-default behavior |
| Public Enable | ACL & Policy | Public access can be explicitly granted |
| Verify | Object URL | Public access verified using incognito mode |
| Revert | Security Practice | Always disable public access when testing is done |

✅ **Key Learnings:**
- S3 buckets and objects are private by default.  
- Public access requires disabling block settings and setting ACLs.  
- Always verify object accessibility before sharing URLs.  
- Follow **security best practices** — keep data private unless necessary.  

---

### 🧠 **Summary**
- Created and configured a private S3 bucket.  
- Uploaded a dataset (`orders.csv`).  
- Enabled and tested public access.  
- Verified data accessibility through an incognito browser.  
- Restored private access to ensure security.

---
