Cbas
Reputation: 6213
AWS S3 prevent delete while allowing uploads
I'm building an app that lets Everyone to upload to my S3 bucket, but for security purposes I need to disable the ability to delete from the bucket. Since upload/delete permissions are bundled together in the AWS settings, how can I allow one and prevent the other?
SOLUTION:
remove the Access Policy and add a bucket policy with this:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket_name/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::<bucket_name>/*"
}
]
}
Upvotes: 1
Views: 1048
Answers (1)
E.J. Brennan
Reputation: 46879
Read this article about the difference between ACL's and IAM policies:
You want to create an IAM policy similar to this, not use an ACL:
{
"Statement": [
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket>/<optional_key>",
"Principal": {
"AWS": ["*"]
}
}
]
}
Upvotes: 3
Related Questions
- Restrict account from deleting folder in S3 but allow read/write into that folder
- AWS configuration to delete files
- Disable "delete" option for S3 objects in AWS
- aws s3 upload only policy
- Deny delete of an S3 bucket if a specific tag exists
- how to stop s3fs from deleting files added to a mounted S3 bucket
- Bucket policy to prevent bucket delete
- Deny DeleteObject with a specific tag value in S3 bucket
- How to limit user uploads in S3
- S3. How to protect my storage from many files upload by authorised users