
How to create a bucket with Public Read Access?

I'd like to enable Public Read-Access on all items in my Bucket that are in the "public" folder in the serverless.yml file.

Currently this is the definition code I use to declare my bucket. It's a bit of copy and paste from one of the serverless-stack examples.

Resources:
  AttachmentsBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      # Set the CORS policy
      BucketName: range-picker-bucket-${self:custom.stage}
      CorsConfiguration:
        CorsRules:
          -
            AllowedOrigins:
              - '*'
            AllowedHeaders:
              - '*'
            AllowedMethods:
              - GET
              - PUT
              - POST
              - DELETE
              - HEAD
            MaxAge: 3000

# Print out the name of the bucket that is created
Outputs:
  AttachmentsBucketName:
    Value:
      Ref: AttachmentsBucket

Now when I try to use a URL for a file, it returns access denied. I manually have to set the public read permission for every file by hand in the AWS S3 web interface.

What am I doing wrong?

Klaas, asked Jan 18 '19 18:01




1 Answer

Instead of using CorsConfiguration on the bucket, you need to attach a bucket policy to it. Try the following:

Resources:
  AttachmentsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: range-picker-bucket-${self:custom.stage}

  AttachmentsBucketAllowPublicReadPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AttachmentsBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement: 
          - Effect: Allow
            Action: 
              - "s3:GetObject"
            Resource:
              # Object ARNs under the "public/" prefix: arn:aws:s3:::<bucket>/public/*
              - !Join ['', ['arn:aws:s3:::', !Ref AttachmentsBucket, '/public/*']]
            Principal: "*"

Milan Cermak, answered Nov 28 '22 14:11
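
A check for the policy shape this answer describes, as an added example that is not part of the original answer: it audits a rendered bucket policy document so that anonymous access stays limited to s3:GetObject on the public/ prefix. The function name, the bucket name "example-bucket-dev" and the sample policies are constructed for illustration.

```python
S3_ARN = "arn:aws:s3:::"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both grant access to everyone, signed in or not.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_public_read(policy, bucket, prefix="public/"):
    """List problems with the anonymous Allow statements in a bucket policy.

    Expected: anonymous callers get s3:GetObject on <bucket>/<prefix>* only.
    Condition blocks are ignored, so a conditional grant is treated as public.
    """
    expected = f"{S3_ARN}{bucket}/{prefix}*"
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"anonymous action beyond read: {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if not res.startswith(S3_ARN):
                findings.append(f"not an S3 ARN: {res}")
            elif res != expected:
                findings.append(f"scope differs from {expected}: {res}")
    return findings

# Constructed sample policies for a hypothetical bucket "example-bucket-dev".
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket-dev/public/*"]}]}
BARE_NAME = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "example-bucket-dev/public"}]}
WHOLE_BUCKET = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket-dev/*"}]}

if __name__ == "__main__":
    samples = [("good", GOOD), ("bare name", BARE_NAME), ("whole bucket", WHOLE_BUCKET)]
    for name, doc in samples:
        print(name, audit_public_read(doc, "example-bucket-dev"))
```

Run it against the policy as deployed (for example the JSON returned for the bucket after `serverless deploy`), since the `!Join` and `!Ref` expressions are only resolved at deploy time.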