CODEWITHSUNDEEP
amazon-s3
Saurabh
Saurabh

Reputation: 2472

How to define permissions in Amazon s3

I have a structure on amazon like this -

(bucket name) MyImages
  ---  (key) general
       ---- 1.jpg
       ---- 2.jpg

I have created the key (general) by using S3 Firefox Organizer tool and set read permission for all. Now, by a java program when I am uploading the images inside this key, I want to set the permission of each object as the key have. But its not happening and I have to write some extra line of code for setting up the permissions of each object. 

AccessControlList acl = s3.getBucketAcl("MyImages");
// give everyone read access
acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
s3.setObjectAcl("MyImages", "general/1.jpg", acl);

Is there any way to get rid of above code. Why the objects are not getting the permission as the key or bucket?

Upvotes: 5

Views: 4565

Answers (3)

thibault ketterer
thibault ketterer

Reputation: 1024

if you want to access your bucket with a "browser" software like s3browser, s3fox or s3 browser for chrome, you need to add a permission on the root of your s3 like this.

   {
           "Effect": "Allow",
           "Action": "s3:ListAllMyBuckets",
           "Resource": "arn:aws:s3:::*"
   }

giving

{
  "Version": "2008-10-17",
  "Statement": [
    {       
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    },
    {
       "Effect": "Allow",
       "Action": "s3:ListAllMyBuckets",
       "Resource": "arn:aws:s3:::*"
    }
  ]
}

Upvotes: 0

S3 Browser Team
S3 Browser Team

Reputation: 2549

You may also try to use Bucket Policies to make all files inside a bucket publicly available.

Permissions can be applied for an existing files as well as for all new files.

Here is an example of Bucket Policy that makes all files in a bucket publicly available:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}

Here is how to apply Bucket Policy using S3 Browser Freeware:
http://s3browser.com/working-with-amazon-s3-bucket-policies.php

Upvotes: 2

jdchowell
jdchowell

Reputation: 91

The following code works for me. Replace file_to_save with the file object you are writing to S3.

PutObjectRequest por = new PutObjectRequest("MyImages", "general/1.jpg", file_to_save);

o.setCannedAcl(CannedAccessControlList.PublicRead);

Upvotes: 8

Related Questions