I´d like to enable Public Read-Access on all items in my Bucket that are in the "public" folder in the serverless.yml file.
Currently this is definition code i use to declare my bucket. Its a bit of copy and paste from one of the serverless-stack examples.
Resources:
AttachmentsBucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: PublicRead
# Set the CORS policy
BucketName: range-picker-bucket-${self:custom.stage}
CorsConfiguration:
CorsRules:
-
AllowedOrigins:
- '*'
AllowedHeaders:
- '*'
AllowedMethods:
- GET
- PUT
- POST
- DELETE
- HEAD
MaxAge: 3000
# Print out the name of the bucket that is created
Outputs:
AttachmentsBucketName:
Value:
Ref: AttachmentsBucket
Now when i try to use a url for a file, it returns access denied. I manually have to set the public read permission for every file by hand in the aws-s3 web interface.
What am i doing wrong?
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Bucket name list, choose the name of the bucket that you want. Choose Permissions. Choose Edit to change the public access settings for the bucket.
As long as you don't mess up and put anything other than website files in that bucket it should be OK. Everything in that bucket is visible to everyone. They can see and download every file.
Instead of using CorsConfiguration
on the bucket, you need to attach a bucket policy to it. Try the following:
Resources:
AttachmentsBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: range-picker-bucket-${self:custom.stage}
AttachmentsBucketAllowPublicReadPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref AttachmentsBucket
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:GetObject"
Resource:
- !Join ['/', [!Ref AttachmentsBucket, 'public']]
Principal: "*"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With