S3 Operations

Overview

In this lab, you'll use your AI coding agent to create and configure an Amazon S3 bucket with security best practices — versioning, encryption, public access blocking, and lifecycle rules — all through natural language prompts to the MCP Server.

What You'll Learn

  • How to create and configure S3 buckets through your agent's MCP Server connection
  • How to apply security best practices (encryption, public access blocking) via natural language
  • How lifecycle rules automate object management

Instructions

Explore

Try to accomplish this goal using your agent. Here are some hints if you get stuck:

  1. Ask your agent to create a bucket with a unique name that includes your participant ID
  2. Tell your agent you want versioning enabled, server-side encryption with AES-256, and all public access blocked
  3. Ask your agent to add a lifecycle rule that transitions objects to Glacier after 90 days

Step-by-step Walkthrough

  1. Open your agent and enter the following prompt:

Create an S3 bucket named workshop-secure-{participant-id} with the following configuration: versioning enabled, server-side encryption using AES-256, all public access blocked, and a lifecycle rule that transitions objects to S3 Glacier after 90 days.

Replace {participant-id} with your actual participant ID from the Workshop Studio console.

  2. Your agent will make several API calls through the MCP Server:
       • CreateBucket to create the bucket
       • PutBucketVersioning to enable versioning
       • PutBucketEncryption to configure SSE-AES256
       • PutPublicAccessBlock to block all public access
       • PutBucketLifecycleConfiguration to add the Glacier transition rule

  3. Verify the configuration by asking your agent:

Show me the current configuration of the workshop-secure bucket — versioning status, encryption settings, public access block, and lifecycle rules.

  4. Your agent should confirm all settings are correctly applied.

Validation

Open the CloudWatch Dashboard in the AWS Console. The Module 3 widget checks:

  • ✅ S3 bucket versioning is Enabled
  • ✅ Public access block is set to block all

You can also ask your agent:

Check if my workshop-secure bucket has versioning enabled and public access fully blocked.
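
The dashboard widget checks two of the four settings, and the agent's confirmation is its own report, so the following added example (not part of the workshop material) reads all four back and audits them independently. The names `audit`, `fetch` and `SAMPLE` are hypothetical, boto3 with working AWS credentials is assumed for `fetch`, and "S3 Glacier" is assumed to mean the `GLACIER` storage class.

```python
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def audit(versioning, encryption, public_access, lifecycle):
    """Return findings for the four lab settings; an empty list means all match."""
    findings = []
    # Status is absent on a never-versioned bucket and "Suspended" if turned off.
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not Enabled")
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if "AES256" not in algos:
        findings.append("default encryption is not AES256")
    # "Block all" means every one of the four flags is true, not just some.
    pab = public_access.get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if pab.get(f) is not True]
    if off:
        findings.append("public access block flags off: " + ", ".join(off))
    # A Disabled rule never runs, so skip it; "GLACIER" is the assumed storage class.
    live = [t for r in lifecycle.get("Rules", []) if r.get("Status") == "Enabled"
            for t in r.get("Transitions", [])]
    if not any(t.get("Days") == 90 and t.get("StorageClass") == "GLACIER" for t in live):
        findings.append("no enabled 90-day GLACIER transition rule")
    return findings

def fetch(bucket):
    """Read the live configuration with boto3 (needs AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    def call(method):
        try:
            return getattr(s3, method)(Bucket=bucket)
        except ClientError:  # no such configuration, or read denied: unverified
            return {}
    return tuple(call(m) for m in (
        "get_bucket_versioning", "get_bucket_encryption",
        "get_public_access_block", "get_bucket_lifecycle_configuration"))

# Constructed sample responses: one public-access flag off, lifecycle rule disabled.
SAMPLE = (
    {"Status": "Enabled"},
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    {"PublicAccessBlockConfiguration": {**dict.fromkeys(PAB_FLAGS, True),
                                        "RestrictPublicBuckets": False}},
    {"Rules": [{"Status": "Disabled", "Transitions": [{"Days": 90, "StorageClass": "GLACIER"}]}]},
)
```

Against a real bucket, `audit(*fetch("workshop-secure-{participant-id}"))` with your own ID substituted returns an empty list when all four settings are in place.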

Agent-Specific Tips

Claude Code can chain multiple S3 configuration calls in a single response. If the bucket already exists, ask Claude to just update the configuration:

Use the MCP Server to check if workshop-secure-{id} exists, and if so, ensure versioning and encryption are enabled.

Kiro will use the AWS MCP tools to make API calls. You can ask Kiro to explain each API call it makes:

Create the S3 bucket and explain each AWS API call you're making through the MCP Server.

Cursor with the AWS toolkit can execute the S3 operations through the MCP Server. Be explicit about the bucket name to avoid Cursor creating a random name:

Create S3 bucket with the exact name workshop-secure-{id} — don't generate a random suffix.

Codex can execute the MCP Server calls to configure S3. If Codex tries to write a script instead of making direct API calls, redirect it:

Use the MCP Server directly to create and configure the S3 bucket — don't write a script, use the API tools.