How do I use the aws cli to set permissions on files in an S3 bucket?

Question

I am new to the aws cli and I've spent a fair amount of time in the documentation but I can't figure out how to set permissions on files after I've uploaded them. So if I uploaded a file with:

aws s3 cp assets/js/d3-4.3.0.js s3://example.example.com/assets/js/

and didn't set access permissions, I need a way to set them. Is there an equivalent to chmod 644 in the aws cli?

And for that matter is there a way to view access permission?

I know I could use the --acl public-read flag with aws s3 cp but if I didn't, can I set access without repeating the full copy command?

Answer 1

The awscli supports two groups of S3 actions: s3 and s3api.

You can use aws s3api put-object-acl to set the ACL permissions on an existing object.

The logic behind there being two sets of actions is as follows:

• s3: high-level abstractions with file system-like features such as ls, cp, sync
• s3api: one-to-one with the low-level S3 APIs such as put-object, head-bucket

In your case, the command to execute is:

aws s3api put-object-acl \
    --bucket example.example.com \
    --key assets/js/d3-4.3.0.js \
    --acl public-read

Note that, as of April 2023, S3 Block Public Access is now enabled by default for all new buckets, so you will not be able to set a public-read ACL on objects in those buckets without first disabling Block Public Access for that bucket. Additionally, it is possible to disable ACLs entirely in an S3 bucket through recently-introduced Object Ownership settings.