<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Amazon S3 bucket public read policy | Blog | Felipe Martin</title>
<link rel="stylesheet" href="/static/css/style.css">
<link rel="alternate" type="application/rss+xml" title="RSS Feed for fmartingr.com" href="/feed.xml" />
<link rel="icon" href="/static/images/favicon.ico">
<!-- Mobile -->
<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
<meta http-equiv="cleartype" content="on">
</head>
<body class="blog post">
<div class="page-content center">
<header>
<div class="avatar">
<img class="avatar" src="/static/images/avatar.jpg?h=f834fb12">
</div>
<h1>Felipe Martín</h1>
<nav>
<a href="/">/home</a>
<a class="text-bold" href="/blog/">/blog</a>
<a href="/about/">/about</a>
</nav>
</header>
<hr>
<section class="main-content">
<article class="blog-post">
<h1 class="title"><a href="/blog/2012/11/23/amazon-s3-bucket-public-read-policy/">Amazon S3 bucket public read policy</a></h1>
<div class="info">
Published on November 23, 2012
</div>
<div class="content">
<p>After migrating the blog to a PaaS service I had a problem: the disk space
was volatile and I had to store the images and binary files on another server
or CDN. After thinking for a while I decided to give Amazon S3 a try.</p>
<p>I created a bucket that I'm going to use as a CDN from now on, but geeking around I
saw that the permissions are modified per file, not per folder/bucket. Searching
around the docs I found the policies, which are JSON strings that include
properties for the entire bucket.</p>
<p>To make a read-only public bucket you need this:</p>
<div class="hll"><pre><span></span><span class="p">{</span>
  <span class="s2">"Version"</span><span class="o">:</span> <span class="s2">"2008-10-17"</span><span class="p">,</span>
  <span class="s2">"Statement"</span><span class="o">:</span> <span class="p">[{</span>
    <span class="s2">"Sid"</span><span class="o">:</span> <span class="s2">"AllowPublicRead"</span><span class="p">,</span>
    <span class="s2">"Effect"</span><span class="o">:</span> <span class="s2">"Allow"</span><span class="p">,</span>
    <span class="s2">"Principal"</span><span class="o">:</span> <span class="p">{</span>
      <span class="s2">"AWS"</span><span class="o">:</span> <span class="s2">"*"</span>
    <span class="p">},</span>
    <span class="s2">"Action"</span><span class="o">:</span> <span class="p">[</span><span class="s2">"s3:GetObject"</span><span class="p">],</span>
    <span class="s2">"Resource"</span><span class="o">:</span> <span class="p">[</span><span class="s2">"arn:aws:s3:::&lt;bucket name&gt;/*"</span><span class="p">]</span>
  <span class="p">}]</span>
<span class="p">}</span>
</pre></div>
<p>Replace &lt;bucket name&gt; with yours and apply the changes. With this the entire
bucket will be publicly accessible: anyone can download any object in it without
authenticating. If you want to be more restrictive, you may limit the policy to a
subfolder:</p>
<div class="hll"><pre><span></span><span class="s2">"Resource"</span><span class="o">:</span> <span class="p">[</span><span class="s2">"arn:aws:s3:::&lt;bucket&gt;/&lt;path&gt;/*"</span><span class="p">]</span>
</pre></div>
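<p>To check what a policy like the ones above actually exposes, this added example (not part of the original post) lists every <code>Allow</code> statement that applies to everyone, with its actions and resource scope. The bucket name, account ID, the extra statements and the <code>public_grants</code> helper are constructed for illustration.</p>

```python
import json

# Constructed sample: the post's statement scoped to a prefix, a second
# statement that exposes far more, and one non-public statement.
SAMPLE_POLICY = """
{
  "Version": "2008-10-17",
  "Statement": [
    {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/static/*"]},
    {"Sid": "Oops", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Deploy", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/deploy"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
"""

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" or {"AWS": "*"}, also when "*" is one entry in a list."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def public_grants(policy_json):
    """Return one finding per Allow statement that applies to everyone."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = as_list(stmt.get("Action", []))
        findings.append({
            "sid": stmt.get("Sid", "(no Sid)"),
            "actions": actions,
            "resources": as_list(stmt.get("Resource", [])),
            # Anything other than plain object reads deserves a second look.
            "read_only": all(a == "s3:GetObject" for a in actions),
            "conditional": "Condition" in stmt,  # a Condition narrows "everyone"
        })
    return findings

if __name__ == "__main__":
    for finding in public_grants(SAMPLE_POLICY):
        print(finding)
```

<p>Statements that use <code>NotPrincipal</code> or <code>NotAction</code> are not evaluated by this sketch and need a manual review.</p>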
<p>Hope this helps.</p>
</div>
<hr />
</article>
<div class="block-info">
If you want to approach me directly about this post use the most appropriate channel
from <a href="/about/">the about page</a>.
</div>
</section>
<hr>
<footer>
Site created using <a target="_blank" href="https://getlektor.com">Lektor</a>. Source code available in <a target="_blank" href="https://github.com/fmartingr/fmartingr.com">Github</a>
</footer>
</body>
</html>