When going through my bucket Permissions --> Access Control --> Public access, I can tick the 'Everyone' option.
Does that mean that literally everyone will have access to this bucket's files (given the URL)?
How can I give access to everyone connected through my user pool, regardless of whether or not they are the owner of a file?
Yes, if you set access control to public then it should be accessible by the entire world. What you can do is set a bucket policy to restrict access to your bucket. In the bucket policy, you can specify the users you want to connect. Please find a sample bucket policy below:
{
    "Version": "2012-10-17",
    "Id": "Policy12345",
    "Statement": [
        {
            "Sid": "Stmt12345",
            "Effect": "Allow",
            "Principal": "*", // * means public. Specify your users here
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKETNAME/*"
        }
    ]
}
In the 'Principal' section, mention the users you want to connect (comma separated). For example, if you have two ARNs to add in the principal, then:
"Principal" : {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]}
and if there is only one, then:
"Principal" : {"AWS" : "arn:aws:iam::111122223333:root"}
Please see more details about bucket policy here
If you want object-level permissions instead of bucket-level permissions, then go for an access control list. Please find more details here
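An added example (not part of the original answer): a small Python check that flags `Allow` statements in a bucket policy whose `Principal` matches everyone, which is the case the sample policy above illustrates with `"*"`. The two policies are constructed samples that reuse the answer's `BUCKETNAME` and account-ID placeholders; the function names are hypothetical.

```python
import json

# Constructed sample policies (not from the original answer). BUCKETNAME and the
# account IDs are the placeholders used in the answer above.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Stmt12345", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKETNAME/*"}]})

RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "Stmt12345", "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                              "arn:aws:iam::444455556666:root"]},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKETNAME/*"}})


def _as_list(value):
    """Policy JSON lets Statement and principal values be one item or a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True when the Principal element matches everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_statements(policy_json):
    """Return (Sid, kind) for each Allow statement open to any principal.

    kind is 'public' when there is no Condition block, and 'conditional' when
    one exists, since a condition may or may not narrow access (review by hand).
    """
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if is_wildcard_principal(stmt.get("Principal")):
            kind = "conditional" if stmt.get("Condition") else "public"
            findings.append((stmt.get("Sid", f"#{i}"), kind))
    return findings
```

The input must be strict JSON, so an inline `//` annotation like the one in the sample policy has to be removed before parsing.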