Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I limit files in S3 based on their extension?

Tags:

amazon-s3

I'm serving a static website using an Amazon S3 bucket. I know that I can limit read access to certain "folders" (really keys, since S3 doesn't have folders) but what I'd really like to do is limit access by file extension.

In other words, I want to say "give read access to everyone for any file in this bucket, as long as that file ends in htm/css/js/png"; is that possible?

(As an aside, my concern is that I will accidentally upload a .git file, or something similar that I don't want to show to the world; setting a security policy to prevent such files from being shown seems safer than trusting myself to never accidentally upload the wrong file).

like image 433
machineghost Avatar asked Oct 31 '12 23:10

machineghost


People also ask

Can you limit the size of an S3 bucket?

S3 provides unlimited scalability, and there is no official limit on the amount of data and number of objects you can store in an S3 bucket. The size limit for objects stored in a bucket is 5 TB.


1 Answers

Yes, it's possible. You can write a Bucket Policy. You can use regular expressions to define which objects are affected by your policy (examples).

Your policy will be something similar to :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "auniqueid",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*.jpg"
        }
    ]
}

This will deny access to all jpg files of the buket bucket.

like image 64
lstern Avatar answered Sep 30 '22 09:09

lstern