S3 Bucket Policy for download access

0

I need to configure a bucket policy that will allow a public user to download a specific file from our bucket. The download link will be served through the AWS S3 plug-in for WooCommerce. We want the public user to be able to access only the specified file via link and nothing else.

WTMP
asked 9 months ago458 views
1 Answer
0

Hi, I would suggest to write a resource-based policy in the bucket with a condition containing the username assuming that the user is identified like

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html

see proposed example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]
    }
  ]
}

You may then make it more solid by adding global conditions relevant to your use case: see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html

For example, aws:referer may be useful to tighten the policy

profile pictureAWS
EXPERT
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions