S3 bucket policy settings

0

want to protect all my objects in the bucket and my bucket should be publicly accessible through URL how can we do that and I want it in such a way that anyone can getobjects but only iam user can store the object i.e putobjects Please help me out for this configuration

Gouda
질문됨 8달 전223회 조회
1개 답변
0
수락된 답변

Hi Gouda!

Organizing your scenario:

  1. Your bucket should be publicly accessible through a URL.
  2. Anyone can retrieve objects from the bucket.
  3. Only IAM users can upload (put) objects into the bucket.

You can use the following bucket policy to implement this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        },
        {
            "Sid": "IAMPutObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:user/YOUR_IAM_USERNAME"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}

Make right replaces on policy.

Remember to attach the necessary S3 permissions to the IAM user's permissions policy to allow uploading objects.

I'll keep tracking your comments to see if you've found a resolution.

profile picture
답변함 8달 전
profile picture
전문가
검토됨 8달 전
  • Agree with the Get object. The PutObject, technically if its in the same account account, you could just use IAM Policies instead of using the bucket policy to grant access.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인