I have a bucket on S3 named xyz. Inside the bucket I have html file at 786/html/index.html and multiple images inside 786/html/images/. The folders and files have the permissions of full control for owner. I am using aws ruby-sdk for generating the url for 786/html/index.html and page is working fine but the images at 786/html/images are not being rendered in 786/html/index.html. It is giving me the following error on browser console:-
Failed to load resource: the server responded with a status of 403 (Forbidden)
Now I gave public read permission to 786/html/images. 786 and 786/html have the permissions for only owner. Now 786/html/index.html is able to render the images, but now the images are also accessible by public_url. I am confused as 786 and 786/html does not have public permissions still images are accessible.
A possible solution can be to append AwsAccessKey and signature to the source of image present inside the index.html. But as we have multiple images hence we need to have a generic signature.
Suggestions need
Thanks, Apurva Mayank
By default, all Amazon S3 buckets and objects are private. Only the resource owner which is the Amazon account that created the bucket can access that bucket. The resource owner can, however, choose to grant access permissions to other resources and users.
Open the Amazon S3 console at https://console.aws.amazon.com/s3/ . Select the bucket that you want AWS Config to use to deliver configuration items, and then choose Properties. Choose Permissions.
Thanks! S3 isn't a Linux file system. It won't retain any Linux permissions because they don't apply to S3.
To set ACL permissions for a bucketSign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that you want to set permissions for. Choose Permissions. Under Access control list, choose Edit.
S3 is an object store. It is not a hierarchical filesystem and does not actually have "folders."
Object keys can have prefixes which are delimited by convention with /
.
This gives the illusion of folders, but this isn't the same as there being an actual hierarchy. Every object's permissions are independent, subject to policies (which can also include prefix references).
But to say "786 and 786/html does not have public permission" but "786/html/images" does have public permission has no meaning in S3 since the objects "under" those "folders" are not actually associated with them.
Whatever you are using to work with your bucket may be giving you an impression that things are otherwise, or may be manpulating permissions of objects "in a folder" and giving you the impression that these permissions are inherited.
If your intention is to make the html file viewable only with a signed URL, or to make the images visible only with the page (and not downloadable on their own) then your code will also need to fully-qualify and sign the urls for the embedded images (and the file, if you want that to be private as well).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With