CODEWITHSUNDEEP
amazon-web-servicesamazon-s3
argo
argo

Reputation: 521

Access a public AWS s3 bucket

A group of us friends are doing a project in map-reduce and are working on a common data set. My friend has uploaded the data on an s3 bucket using his AWS account and has set the s3 bucket policy to this:

{
    "Version": "2008-10-17",
    "Id": "Policy1417380373111",
    "Statement": [
        {
            "Sid": "Stmt1417380310953",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        },
        {
            "Sid": "Stmt1417380367754",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}

Note: The <bucket-name> in the above policy is set to the name of the bucket.

Now how can I mount this public bucket as one of s3 buckets in my aws account?

Upvotes: 2

Views: 8036

Answers (1)

John Rotenstein
John Rotenstein

Reputation: 269091

The bucket policy displayed will permit anyone to Upload (PutObject) and Download (GetObject) from the indicated Amazon S3 bucket.

However, it will not allow listing of the bucket, which is most likely required for your map-reduce operations. So, I would also recommend granting ListBucket permissions on the bucket itself:

{
  "Id": "SomeID",
  "Statement": [
    {
      "Sid": "SomeID",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::<bucket-name>",
        "arn:aws:s3:::<bucket-name>/*"
      ],
      "Principal": {
        "AWS": [
          "123456789012"
        ]
      }
    }
  ]
}

Also, it is not recommended to grant public access to your bucket. Instead, your friend should enter your Account Number in the Principal field, so that you can access the data but nobody else can access it.

All of this will make your bucket accessible, but it will not appear in your Amazon S3 management console, nor can you "mount" the bucket to your own account. However, you will be able to List, Get and Put objects.

You can test this with the AWS Command Line Interface (CLI). Try listing the contents of the shared bucket, or copy a file to it:

$ aws s3 ls s3://<bucket-name>
$ aws s3 cp file.txt s3://<bucket-name>/file.txt

Upvotes: 5

Related Questions