Reputation: 31
I want to block public access to my S3 bucket, but give read only access to its object
I have created an S3 bucket for my organization, where I am hosting a static webpage. I want to give read-only public access to it, but deny public access overall.
I tried adding bucket policy which provides read access and blocking the public access feature under Permissions -> Block Public access section. But it is giving me Access Denied in all the scenarios.
Disable the public access but set the s3 bucket 'allow' permission with read only action to the objects from the outside:
"Action":["s3:GetObject"]
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "eact resource information"
}
]
}
This is what my S3 Url is taking me to:
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7B5968B84E5DB018</RequestId><HostId>ehRR5C0zoZU0QO0e9SdetVsa/6TrO/kIRwynpSl+L4zFiP1I6yFwtHsembeQjnP/ozdeOgRBrdg=</HostId></Error>
Upvotes: 0
Views: 2624
Answers (1)
Reputation: 270154
To grant public access to all objects in the bucket, use this Bucket Policy:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicPermission",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::my-bucket/*"]
}
]
}
(Replace my-bucket with the name of your bucket)
You will also need to turn off Block Public Access to allow the Bucket Policy to operate.
Upvotes: 1
Related Questions
- Turning off public access to AWS S3 bucket
- Restrict read-write access from my S3 bucket
- Protect s3 Object from Public
- How to set public read only access on Amazon S3 Bucket?
- Block all objects' public access in S3 by CLI
- AWS S3 Bucket Policy to allow read-only access from my instances
- Deny Amazon S3 buckets and objects from being public
- In S3, is there a way to deny bucket owner accessing object?
- Denying direct access to AWS S3 Object
- How to set S3 bucket policy to (mostly) private when object acl is public?