- Create S3 bucket with versioning enabled and add bucket_policy
- Create gateway VPC endpoint for your S3 bucket
- Create IAM policies: s3_user_policy, s3_admin_policy, lambda_policy, blocking-policy (blocking-policy must be attached to s3_user)
- Create IAM Users (s3_user and s3_admin) and IAM Role for Lambda and attach proper policies.
- Create 3 Lambda functions and use the same IAM Role for all of them. The restore_objects Lambda can be placed inside your VPC to make use of the S3 gateway VPC endpoint; in that case the IAM Role requires additional permissions to create an ENI
- Copy/paste the Python scripts' contents into the Lambda functions and replace variables as needed, e.g. bucket_name
- Create public Lambda URLs for all 3 Lambdas
- Install and configure AirLiveDrive (recommended for a multi-user real-time scenario: 1-second cache settings) and mount S3 as a drive in Windows
- Use the Lambdas' public URLs with the query-string parameter 'path' to:
a) Restore objects in a specific directory (example: S3/Dirname/Subdirname/Another dir). Use the Lambda URL with query string: restrore.lambda-url.us-east-1.on.aws/?path=Dirname/Subdirname/Another dir
b) Block access for s3_user to a specific directory/file (example: S3/Dirname/Subdirname/Another dir). Use the Lambda URL with query string: lock.lambda-url.us-east-1.on.aws/?path=Dirname/Subdirname/Another dir
   The block Lambda affects only s3_user, because blocking-policy is attached to s3_user.
c) Unlock access for s3_user to a specific directory/file (example: S3/Dirname/Subdirname/Another dir). Use the Lambda URL with query string: unlock.lambda-url.us-east-1.on.aws/?path=Dirname/Subdirname/Another dir
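The following is an added example, not the project's own Lambda code: one way to validate the 'path' parameter from a public function URL and turn it into a Deny statement for blocking-policy, so that an empty or wildcard path cannot lock more than intended. It assumes blocking-policy is a managed IAM policy made of Deny statements on s3:*; BUCKET_NAME and all function names are hypothetical.

```python
import hashlib
import json

BUCKET_NAME = "example-bucket"   # assumption: placeholder bucket name
MAX_POLICY_CHARS = 6144          # IAM size limit for a managed policy document


def path_from_event(event):
    """Read and validate 'path' from a Lambda function URL event."""
    params = event.get("queryStringParameters") or {}
    path = (params.get("path") or "").strip().strip("/")
    if not path:
        raise ValueError("path is required")  # empty path would match the whole bucket
    if "*" in path or "?" in path or "${" in path:
        raise ValueError("IAM wildcards/policy variables not allowed in path")
    if any(seg in ("", ".", "..") for seg in path.split("/")):
        raise ValueError("empty, '.' and '..' segments not allowed in path")
    return path


def deny_statement(path, bucket=BUCKET_NAME):
    """Deny for one key and for everything under it when it is a directory."""
    arn = f"arn:aws:s3:::{bucket}/{path}"
    return {
        "Sid": "Lock" + hashlib.sha256(path.encode()).hexdigest()[:16],
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": [arn, arn + "/*"],
    }


def lock(policy_doc, path):
    """Return the policy with the Deny for path present exactly once."""
    stmt = deny_statement(path)
    kept = [s for s in policy_doc.get("Statement", []) if s.get("Sid") != stmt["Sid"]]
    new_doc = {"Version": "2012-10-17", "Statement": kept + [stmt]}
    if len(json.dumps(new_doc, separators=(",", ":"))) > MAX_POLICY_CHARS:
        raise ValueError("blocking-policy would exceed the IAM size limit")
    return new_doc


def unlock(policy_doc, path):
    sid = deny_statement(path)["Sid"]
    kept = [s for s in policy_doc.get("Statement", []) if s.get("Sid") != sid]
    return {"Version": "2012-10-17", "Statement": kept}


if __name__ == "__main__":
    event = {"queryStringParameters": {"path": "Dirname/Subdirname/Another dir"}}  # constructed
    print(json.dumps(lock({"Statement": []}, path_from_event(event)), indent=2))
```

The returned document is what a handler would submit as the new version of blocking-policy; the IAM call itself is left out so the functions can be tested offline.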