Reputation: 41
I'm trying to set an S3 bucket policy but it does not work at all. I need to allow anonymous users to upload files, but only authenticated users should be able to download them. I tried 2 things:
    {
      "Id": "Policy1378380575437",
      "Statement": [
        {
          "Sid": "Stmt1378380436712",
          "Action": [
            "s3:PutObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::my_bucket/*",
          "Principal": {
            "AWS": [
              "*"
            ]
          }
        },
        {
          "Sid": "Stmt1378380568645",
          "Action": [
            "s3:GetObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::my_bucket/*",
          "Principal": {
            "AWS": [
              "arn:aws:iam::1111111111:root"
            ]
          }
        }
      ]
    }
But the problem is that GetObject is allowed by default, which means anonymous users can download files. I tried to add a new Sid denying GetObject for *, but denies always override allows.
I appreciate any suggestion.
Thanks.
Upvotes: 4
Views: 2053
Reputation: 72
I think you could do this with ACLs. Change the permissions on your bucket to require the ACL 'authenticated-read'. Your users will have to set that ACL flag on their uploads or they'll get an access denied error, but if you can get them to set that flag I think this may work for you. Editing Bucket Permissions
Upvotes: 1
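An added example, not part of the question or the answer: a small Python check that lists what the posted policy grants to the anonymous principal, then applies the answer's ACL requirement as an `s3:x-amz-acl` condition on the anonymous upload statement. The function names are illustrative assumptions; `s3:x-amz-acl` is the S3 condition key for the canned ACL header.

```python
import copy
import json

# Policy from the question, reproduced as posted (account id is the poster's placeholder).
QUESTION_POLICY = {
    "Id": "Policy1378380575437",
    "Statement": [
        {"Sid": "Stmt1378380436712", "Action": ["s3:PutObject"], "Effect": "Allow",
         "Resource": "arn:aws:s3:::my_bucket/*", "Principal": {"AWS": ["*"]}},
        {"Sid": "Stmt1378380568645", "Action": ["s3:GetObject"], "Effect": "Allow",
         "Resource": "arn:aws:s3:::my_bucket/*",
         "Principal": {"AWS": ["arn:aws:iam::1111111111:root"]}},
    ],
}

def _as_list(value):
    # Policy elements may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when a Principal element matches every caller, signed or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def anonymous_grants(policy):
    """Return (Sid, action, has_condition) for each Allow open to anonymous callers."""
    found = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and is_anonymous(stmt.get("Principal")):
            for action in _as_list(stmt["Action"]):
                found.append((stmt.get("Sid"), action, "Condition" in stmt))
    return found

def require_upload_acl(policy, acl="authenticated-read"):
    """Return a copy where anonymous s3:PutObject is allowed only with this canned ACL."""
    hardened = copy.deepcopy(policy)
    for stmt in _as_list(hardened["Statement"]):
        if (stmt.get("Effect") == "Allow" and is_anonymous(stmt.get("Principal"))
                and "s3:PutObject" in _as_list(stmt["Action"])):
            cond = stmt.setdefault("Condition", {}).setdefault("StringEquals", {})
            cond["s3:x-amz-acl"] = acl
    return hardened

if __name__ == "__main__":
    print(anonymous_grants(QUESTION_POLICY))
    print(json.dumps(require_upload_acl(QUESTION_POLICY), indent=2))
```

The `authenticated-read` canned ACL grants read to the AuthenticatedUsers group, which covers any AWS account and not only the bucket owner's. ACL-based access applies only on buckets where ACLs are enabled.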