Menu
We currently have an S3 bucket policy which makes everything public.
At the moment we a bucket "bucket1" and inside there are numbered sub folders for each entry numbers 01 upwards (e.g. 01, 02, 03) and inside that always a folder called "128".
What we want to do is make the files in the 128 folders always public.
So we'd need something to allow "bucket1/*/128" and everything else only be accessible with a time stamped signature.
Presuming this is possible but wouldn't know how to create the statement.
859
If the IAM user and S3 bucket belong to the same AWS account, then you can grant the user access to a specific bucket folder using an IAM policy. As long as the bucket policy doesn't explicitly deny the user access to the folder, you don't need to update the bucket policy if access is granted by the IAM policy.
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit. Choose Permissions. Under Bucket policy, choose Edit.
I've done it!
I was trying all kinds of long-winded over-thought methods to try and accomplish this including the little known "not resource" when all I needed to do was take the default "allow all" policy and apply it to my specified sub-folders!
{ "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPublicRead", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKETNAME/*/128/*" } ] } Note: Edited the resource name.
71
This seems to be blocked now..
This bucket has public access You have provided public access to this bucket. We highly recommend that you never grant any kind of public access to your S3 bucket.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
