amazon-s3-php-class - how to change permission

Question

I'm using the amazon-s3-php-class to help me upload files to Amazon's S3. After I upload the file, i noticed that Everyone can download it if they type the url https://url.com/mybucket/filename.file.

I can manually restrict access by using the AWS console to turn off Open/Download to the user Everyone.

How do I do this with programatically with amazon-s3-php-class? The following code did not do anything:

$s3 = new S3($AZ_KEY_ID, $AZ_KEY_SECRET);
$acp = array("acl"=>array());

$acp["acl"][] = array(
"type" => "Everyone", "uri" => "https://url.com/mybucket/filename.file", "permission" => ""
);

$s3->setAccessControlPolicy("mybucket", "https://url.com/mybucket/filename.file", $acp);

What's wrong with my code?

Answer 1

With the new AWS SDK V3 changing ACL permissions is really easy:

 $s3->putObjectAcl([
                        'Bucket' => 'myBucketName',
                        'Key' => 'myFileName',
                        'ACL' => 'private'
                    ]);

ACL can be one of these value 'ACL' => 'private|public-read|public-read-write|authenticated-read|aws-exec-read|bucket-owner-read|bucket-owner-full-control',

Answer 2

$s3 = new S3($AZ_KEY_ID, $AZ_KEY_SECRET);
$acp = $s3->getAccessControlPolicy('mybucket', 'filename.file');
foreach($acp['acl'] as $key => $val) {
    if(isset($val['uri']) && 
        $val['uri'] == 'http://acs.amazonaws.com/groups/global/AllUsers')
        unset($acp['acl'][$key]);        
}
$s3->setAccessControlPolicy('mybucket', 'filename.file', $acp)

In function getAccessControlPolicy and setAccessControlPolicy, uri should be the path related to bucket.

AllUsers equals Everyone at AWS console.

Or you can set private acl to an object, when inserting it to S3.

$s3->putObjectFile($uploadFile, 'mybucket', 'filename.file', S3::ACL_PRIVATE)