Skip to content
S3 Files Workloads

Bucket

Progress checklist

Overview

Section titled “Overview”

S3FILES
Amazon S3 Files — a service that exposes an S3 bucket as a shared NFS file system. Supports EC2, EKS, ECS (Fargate), and Lambda. Uses the CLI namespace `aws s3files` and mount type `-t s3files`. Read APIs are `list-*` and `get-*` (for example `list-file-systems`, `get-file-system`), not `describe-*`. requires VERSIONING
S3 Versioning — keeps multiple versions of each object in a bucket. S3 Files requires versioning to be enabled on the linked bucket for synchronisation to work. to synchronise changes between the file system and the bucket. It also supports only SSE
Server-Side Encryption — encryption of data at rest in S3. S3 Files supports SSE-S3 (AWS-managed keys) and SSE-KMS (customer-managed keys). SSE-C is not supported. — specifically SSE-S3 or SSE-KMS. Set both before creating the file system.

  1. Set environment variables. Required

    Use these exports throughout the EC2 walkthrough. Replace values to match your environment.

    Terminal window
    export AWS_REGION=ap-southeast-6
    export BUCKET=my-s3-files-bucket        # ← replace with your real bucket name
    export BUCKET_ARN=arn:aws:s3:::${BUCKET}
    export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
    echo "Account: $ACCOUNT_ID  Region: $AWS_REGION  Bucket: $BUCKET"

  2. Create the bucket. Required

    Terminal window
    aws s3api create-bucket \
      --bucket $BUCKET \
      --region $AWS_REGION \
      --create-bucket-configuration LocationConstraint=$AWS_REGION

  3. Enable versioning. Required

    S3 Files will fail to create a file system if versioning is not enabled.

    Terminal window
    aws s3api put-bucket-versioning \
      --bucket $BUCKET \
      --versioning-configuration Status=Enabled

    Verify:

    Terminal window
    aws s3api get-bucket-versioning --bucket $BUCKET

    Expected output:

    {
      "Status": "Enabled"
    }

  4. Confirm encryption. Required

    New buckets default to SSE-S3 (AES-256). Verify:

    Terminal window
    aws s3api get-bucket-encryption --bucket $BUCKET

    The rule type must be aws:kms (SSE-KMS) or AES256 (SSE-S3). If the command returns a ServerSideEncryptionConfigurationNotFoundError, apply SSE-S3 explicitly:

    Terminal window
    aws s3api put-bucket-encryption \
      --bucket $BUCKET \
      --server-side-encryption-configuration '{
        "Rules": [{
          "ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "AES256"
          }
        }]
      }'

  5. Seed the demo/ prefix. Required

    Upload a single synthetic text object at demo/walkthrough.txt. The EC2 mount walkthrough uses that key for read checks (cat, aws s3 cp, greps). The script builds the file with echo lines (no heredoc) to avoid paste-terminator issues.

    Terminal window
    DEMO_ROOT=$(mktemp -d)
    WALK="$DEMO_ROOT/walkthrough.txt"
    

    {
      echo 'S3 Files walkthrough — demo fixture'
      echo '==================================='
      echo ''
      echo 'This is the one shared object for all demo scenarios in this documentation set.'
      echo 'Use it to confirm reads through the mount (cat, less, editors) and via the'
      echo 'AWS CLI (aws s3 cp) with a short but non-trivial body of text.'
      echo ''
      echo 'Canonical marker (for greps): DEMO_BUNDLE_VERSION=1'
    } > "$WALK"
    

    aws s3 cp "$WALK" "s3://$BUCKET/demo/walkthrough.txt" --region "$AWS_REGION"
    rm -rf "$DEMO_ROOT"

    Confirm the upload:

    Terminal window
    aws s3 ls "s3://$BUCKET/demo/" --region "$AWS_REGION"

    You should see demo/walkthrough.txt.

Next step

Section titled “Next step”

Continue to File System to create the file system IAM role and the S3 Files file system.