CODEWITHSUNDEEP
amazon-web-servicesamazon-s3access-control
yaboi
yaboi

Reputation: 411

Amazon S3 access control-Who can upload files?

I have a static website created with Amazon S3. The only permissions I have set are through the bucket policy provided in Amazons tutorial: 

{
  "Version":"2012-10-17",
  "Statement": [{
    "Sid": "Allow Public Access to All Objects",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example.com/*"
  }
 ]
}

Clearly, this policy enables the public to view any file stored on my bucket, which I want. My question is, is this policy alone enough to prevent other people from uploading files and/or hijacking my website? I wish for the public to be able to access any file on the bucket, but I want to be the only one with list, upload, and delete permissions. Is this the current behavior of my bucket, given that my bucket policy only addresses view permissions?

Upvotes: 0

Views: 68

Answers (1)

Volkan Paksoy
Volkan Paksoy

Reputation: 6977

Have a look at this: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html#policy-eval-basics

From that document:

When a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:

By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)

An explicit allow overrides this default.

An explicit deny overrides any allows.

So as long as you don't explicitly allow other access you should be fine. I have a static site hosted on S3 and I have the same access policy.

Upvotes: 1

Related Questions