S3 Bucket Policy for download access


I need to configure a bucket policy that will allow a public user to download a specific file from our bucket. The download link will be served through the AWS S3 plug-in for WooCommerce. We want the public user to be able to access only the specified file via link and nothing else.

asked 9 months ago458 views
1 Answer

Hi, I would suggest to write a resource-based policy in the bucket with a condition containing the username assuming that the user is identified like


see proposed example:

  "Version": "2012-10-17",
  "Statement": [
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
      "Action": [
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]

You may then make it more solid by adding global conditions relevant to your use case: see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html

For example, aws:referer may be useful to tighten the policy

profile pictureAWS
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions