How to grant read permission to an s3 object in nodejs???

0

I've been hammering away at this ll day, and still can't see where to go.

I simply want to

  1. Create an S3 bucket, configured as website enabled;
  2. Load an error.html file into it
  3. Allow public read access to the error.html

Should be three lines of code, right? Not in AWS ...

I created the bucket:

await this.send(new CreateBucketCommand({ Bucket: bucketName }));
await this.send(new DeletePublicAccessBlockCommand({ Bucket: bucketName }));
await this.send(new PutBucketWebsiteCommand({
                    Bucket: bucketName,
                    WebsiteConfiguration: {
                        ErrorDocument: { 'Key':     'error.html' },
                        IndexDocument: { 'Suffix':  'index.html' }
                    }
                }));
await this.send(new PutBucketLoggingCommand({
                    Bucket: bucketName,
                    BucketLoggingStatus: {
                        LoggingEnabled: {
                            TargetBucket: log_bucket,
                            TargetPrefix: 'logs/'
                        }
                    }
                }));

I set a public access policy (eventually figured out I had to remove the block first:

await this.send(new DeletePublicAccessBlockCommand({ Bucket: bucketName }));
let policy = {
      Version: "2012-10-17",
      Statement: [{ Sid: "PublicReadGetObject", Effect: "Allow", Principal: "*", Action: [ "s3:GetObject" ], Resource:`arn:aws:s3:::${bucketName}/*` }]
};

await this.send(new PutBucketPolicyCommand({
    Bucket: bucketName,
     Policy: JSON.stringify(policy)
 }));

I uploaded the error.html but when I try to enable global read access to the error.html using the code below I get "The bucket does not allow ACLs".

await this.send(new PutObjectAclCommand({
                        ACL: 'public-read',
                        Bucket: bucketName,
                        Key: s3File
            }));

How can I close this off and change the permissions on the error.html to Read for all?

dmb0058
asked a year ago599 views
2 Answers
0

Hello.

Are public block access settings disabled?
If this setting is not disabled, an error will occur when configuring the bucket ACL.
There are two public block access settings: bucket level and account level, so please check both.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-bucket.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html

profile picture
EXPERT
answered a year ago
profile pictureAWS
EXPERT
reviewed a year ago
0

Hi, Yes, I deleted the bucket level block in the second line of code. It's useful to know there's an account level one as well, though I don't think I have a use for that now.

Curiously, I think I may not need to set public access on the files in the bucket anyway! The code to set the ACL on new files uploaded has been working for more than a year on buckets around a year old, but fails on new buckets. But from what I can find, the policy I set on the bucket should allow read by all on objects in it, so the object-level ACL is not only unnecessary but not allowed by default since April 2023.

I'll test this out today and see if I can settle it one way or the other.

dmb0058
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions