S3 bucket policy settings

Question

want to protect all my objects in the bucket and my bucket should be publicly accessible through URL how can we do that and I want it in such a way that anyone can getobjects but only iam user can store the object i.e putobjects 
Please help me out for this configuration

Accepted Answer

Hi Gouda!

Organizing your scenario:
1. Your bucket should be publicly accessible through a URL.
2. Anyone can retrieve objects from the bucket.
3. Only IAM users can upload (put) objects into the bucket.

You can use the following bucket policy to implement this:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        },
        {
            "Sid": "IAMPutObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:user/YOUR_IAM_USERNAME"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}
```

Make right replaces on policy.

Remember to attach the necessary S3 permissions to the IAM user's permissions policy to allow uploading objects.

I'll keep tracking your comments to see if you've found a resolution.

S3 bucket policy settings

Relevant content