Amazon S3 bucket public read policy

Published on November 23, 2012

After migrating the blog to a PaaS service I had a problem: the disk space was volatile, so I had to store the images and binary files on another server or CDN. After thinking for a while I decided to give Amazon S3 a try.

I created a bucket that I'm going to use as a CDN from now on, but geeking around I saw that the permissions are modified by file, not by folder/bucket. Searching around the docs I found the policies, which are JSON strings that include properties for the entire bucket.

To make a read-only public bucket you need this:

{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "AllowPublicRead",
    "Effect": "Allow",
    "Principal": {
      "AWS": "*"
    },
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::<bucket name>/*"]
  }]
}

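Replace <bucket name> with yours and apply the changes. With this, every object in the bucket will be publicly accessible. The statement grants s3:GetObject only, so anyone can fetch an object whose key they know, but it does not allow listing the bucket. If you want to be more restrictive, you may specify a subfolder: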

"Resource": ["arn:aws:s3:::<bucket>/<path>/*"]
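
To see what each Resource pattern actually exposes before applying it, here is an added example (not part of the original post) that evaluates a policy offline and reports whether a given key is readable anonymously. The bucket name `example-bucket`, the `images` prefix, the object keys and all function names are assumptions made for illustration.

```python
import json
import re

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value, ignore_case=False):
    # Policy wildcards: '*' is any run of characters (including '/'), '?' is one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.S | (re.I if ignore_case else 0)) is not None

def is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean every caller, signed in or not.
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_patterns(policy_json):
    """Resource patterns that an Allow statement opens to anonymous s3:GetObject.
    Condition, Deny and the Not* elements are not evaluated (limit of this sketch)."""
    patterns = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = as_list(stmt.get("Action", []))
        if any(wildcard_match(a, "s3:GetObject", ignore_case=True) for a in actions):
            patterns.extend(as_list(stmt.get("Resource", [])))
    return patterns

def key_is_public(policy_json, bucket, key):
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return any(wildcard_match(p, arn) for p in public_read_patterns(policy_json))

def make_policy(resource):
    # Same statement as the post; only the Resource changes.
    return json.dumps({"Version": "2008-10-17", "Statement": [{
        "Sid": "AllowPublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject"], "Resource": [resource]}]})

# Constructed sample values: bucket "example-bucket", prefix "images".
WHOLE_BUCKET = make_policy("arn:aws:s3:::example-bucket/*")
IMAGES_ONLY = make_policy("arn:aws:s3:::example-bucket/images/*")

if __name__ == "__main__":
    for key in ("images/logo.png", "images/2012/11/photo.jpg", "backups/db.sql"):
        print(key, key_is_public(WHOLE_BUCKET, "example-bucket", key),
              key_is_public(IMAGES_ONLY, "example-bucket", key))
```

With the whole-bucket pattern every key comes back public, including ones never meant for the CDN; with the prefix pattern only keys under `images/` do, at any depth, because `*` also matches `/`.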

Hope this helps.

