 

Amazon S3 bucket policy for anonymously uploading photos to a bucket

Tags:

amazon-s3

I am planning on using Amazon S3 to let users upload photos from an iPhone and then let them be publicly viewable.

I am having some trouble understanding how to set up these security constraints in the bucket policy:

  • Everyone can read every file.
  • Everyone can upload a new file that is maximum 256K large.
  • No one can delete any file.
  • No one can modify any file.
Jon Tirsen asked Nov 29 '11 12:11



1 Answer

OK, I sort of worked it out in the end. The only thing is that you can't set different permissions on adding files and updating files. They are all covered by s3:PutObject. Also, it doesn't seem possible to restrict file size.

{
    "Version": "2008-10-17",
    "Id": "policy",
    "Statement": [
        {
            "Sid": "allow-public-read",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        },
        {
            "Sid": "allow-public-put",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}
Jon Tirsen answered Nov 15 '22 22:11
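The following is an added example, not code from the question or the answer above: a small, stdlib-only checker that evaluates a bucket policy against the four constraints the question lists, for anonymous (Principal "*") callers only. It embeds the answer's policy as its sample input, assumes the placeholder bucket name "bucket" and a representative key "photo.jpg", and ignores Condition blocks. Two caveats it makes visible: S3 has no create-only permission, so the same s3:PutObject grant that lets everyone upload also lets everyone overwrite, and bucket policies have no condition key for object size (a size cap is enforced instead by the content-length-range condition of a browser-based POST policy, which is outside the scope of this example). "No one can delete" here means only that no statement grants anonymous deletion; the bucket owner and IAM principals are still governed by their own identity policies.

```python
"""Evaluate an S3 bucket policy for anonymous access (added example).

Implements the part of IAM evaluation that matters for Principal "*":
an explicit Deny beats any Allow, and no matching statement is an
implicit deny. Condition blocks are not evaluated.
"""
import json
from fnmatch import fnmatchcase

# The policy posted in the answer, embedded so this runs offline.
# "bucket" is the answer's placeholder bucket name.
ANSWER_POLICY = json.loads("""
{
    "Version": "2008-10-17",
    "Id": "policy",
    "Statement": [
        {"Sid": "allow-public-read", "Effect": "Allow",
         "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::bucket/*"},
        {"Sid": "allow-public-put", "Effect": "Allow",
         "Principal": {"AWS": "*"}, "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::bucket/*"}
    ]
}
""")


def _as_list(value):
    """Action, Resource and Principal.AWS may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True when a statement applies to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def anonymous_allowed(policy, action, resource):
    """Decide whether an unauthenticated caller may perform `action`
    (e.g. "s3:PutObject") on `resource` (an object ARN).

    Action names are matched case-insensitively; both Action and
    Resource may use IAM wildcards such as "s3:*" or "arn:aws:s3:::b/*".
    """
    allowed = False
    for stmt in policy.get("Statement", []):
        if not _is_anonymous(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        resources = _as_list(stmt.get("Resource"))
        if not any(fnmatchcase(resource, r) for r in resources):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # explicit deny wins over every Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def check_requirements(policy, bucket="bucket"):
    """Map the question's four constraints onto one representative key.

    S3 has no create-only action: the s3:PutObject grant that allows a
    first upload also allows overwriting an existing object, so
    "everyone can upload" and "no one can overwrite" are one decision.
    Object size cannot be expressed in a bucket policy, so it is not
    checked here.
    """
    key = f"arn:aws:s3:::{bucket}/photo.jpg"  # assumed sample object
    can_put = anonymous_allowed(policy, "s3:PutObject", key)
    return {
        "everyone can read": anonymous_allowed(policy, "s3:GetObject", key),
        "everyone can upload": can_put,
        "no one can delete": not anonymous_allowed(policy, "s3:DeleteObject", key),
        "no one can overwrite": not can_put,
    }


if __name__ == "__main__":
    for requirement, met in check_requirements(ANSWER_POLICY).items():
        print(f"{'OK  ' if met else 'FAIL'} {requirement}")
```

Running it against the answer's policy reports the read, upload and no-delete constraints as met and the no-overwrite constraint as failed, which is exactly the limitation the answer describes. Appending a Deny statement for s3:PutObject on a prefix shows the explicit-deny rule: uploads under that prefix are refused even though the broad Allow still matches.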