sysuser

Reputation: 1100

s3 bucket access control - making them recursive

I am trying to write to an S3 bucket that belongs to client A; the client that's trying to write to the S3 bucket is client B (the setup has been done to enable B to write to bucket A).

Following this tutorial - http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example3.html

While I could grant full control access to an object that client B is writing to A's bucket through the commands below,

aws s3api put-object --bucket examplebucket --key HappyFace.jpg --body HappyFace.jpg --profile AccountBadmin
aws s3api put-object-acl --bucket examplebucket --key HappyFace.jpg --grant-full-control id="AccountA-CanonicalUserID" --profile AccountBadmin

I am wondering whether there is any way to make that behavior the default for future objects client B will create. I tried in vain to do that, but essentially I want to create a folder object in client A's bucket, and then whatever is written into that folder recursively needs to inherit the folder's permission.

Upvotes: 1

Views: 667

Answers (1)

sysuser

Reputation: 1100

I did extensive research and found that one can't set up a policy for a client to have a predefined permission for a new object that will be created. Only after a new object is created can its permission be set (I think you can do it when creating the object as well).

Upvotes: 2
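
The answer's last remark, setting the grant when the object is created, can be applied to a whole directory tree from the uploading side. The script below is an added example, not part of the original question or answer; it reuses the question's placeholder bucket, profile and canonical ID, and the function name, key prefix and `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Bucket, profile and canonical-ID
# values reuse the question's placeholders; the key prefix is an assumption.
# Limitation: file names containing newlines are not handled.

# upload_tree SRC_DIR BUCKET PREFIX OWNER_CANONICAL_ID PROFILE
# Uploads every file under SRC_DIR to s3://BUCKET/PREFIX/..., putting the
# bucket owner's FULL_CONTROL grant in the same PutObject request, so no
# object exists without it. DRY_RUN=1 (the default) only prints the commands.
upload_tree() (
  src_dir=${1%/} bucket=$2 prefix=${3%/} owner_id=$4 profile=$5

  find "$src_dir" -type f | sort | while IFS= read -r file; do
    # Object key = prefix + path of the file relative to SRC_DIR
    key="$prefix/${file#"$src_dir"/}"

    if [ "${DRY_RUN:-1}" = 1 ]; then
      printf '%s %s\n' \
        "aws s3api put-object --bucket $bucket --key $key --body $file" \
        "--grant-full-control id=$owner_id --profile $profile"
      continue
    fi

    aws s3api put-object --bucket "$bucket" --key "$key" --body "$file" \
      --grant-full-control "id=$owner_id" --profile "$profile" \
      </dev/null >/dev/null || exit 1

    # Read the ACL back and confirm the owner's grant is on the object.
    granted=$(aws s3api get-object-acl --bucket "$bucket" --key "$key" \
      --profile "$profile" --output text \
      --query "Grants[?Grantee.ID=='$owner_id'].Permission" </dev/null)
    [ "$granted" = "FULL_CONTROL" ] || { echo "grant missing: $key" >&2; exit 1; }
  done
)
```

Run it once with the default `DRY_RUN=1` to review the commands, then with `DRY_RUN=0` to upload. On buckets where S3 Object Ownership is set to "Bucket owner enforced", ACLs are disabled and the bucket owner owns every new object automatically.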
