Jaishree Mishra

Reputation: 545

AWS S3 make bucket public

I am logged in to AWS with admin privileges. I am trying to make a bucket public read/write. I have deselected these options. I also followed this one Duplicate and tried to update the bucket policy, but I am getting an access denied error. All those answers are from 2018.

Block public access (bucket settings)

Access Deny

Upvotes: 1

Views: 2781

Answers (2)

Chris Williams

Reputation: 35213

If your bucket policy is using the following, then at least this is set up to allow public read and write. Be aware this is anonymous, so anyone can perform a read or write to the bucket; you will still be responsible for this.

{
   "Version":"2012-10-17",
   "Statement":[{
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal":"*",
      "Action":[
         "s3:GetObject",
         "s3:PutObject"
      ],
      "Resource":[
         "arn:aws:s3:::bucketname/*"
      ]
    }]
}

Be aware that if ACLs are involved you would also need to apply the permissions of s3:PutObjectAcl. In addition, the ACL would need to grant the public read/write, which would be counterintuitive as you're using a bucket policy to do this.

If you're getting access denied when updating the bucket policy, your user is prohibited from performing the action.

There are a few reasons why this could occur:

  • Your IAM user does not have the IAM policy permissions.
  • Your account is part of an AWS organisation that is using an SCP (Service Control Policy) to prohibit applying a bucket policy.
  • Your IAM user has been configured with an IAM boundary that is prohibiting this access.

If you do not have the ability to modify your permissions, or your account was given to you via a service, you would need to communicate with them.

Upvotes: 0
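
A defensive check for the kind of policy shown in the answer above, as an added example that is not part of the original answers: it parses a bucket policy and reports every Allow statement open to anonymous principals, separating read from write actions. The function names and the short action lists are assumptions for illustration, and Condition blocks are flagged for review rather than evaluated.

```python
import fnmatch
import json

# Assumed, non-exhaustive action lists used only to classify a finding.
READ_ACTIONS = ["s3:GetObject", "s3:ListBucket"]
WRITE_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "*" or {"AWS": "*"} (also when "*" is one entry in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _matches(patterns, actions):
    """Which of `actions` are covered by the policy's (possibly wildcarded) patterns."""
    return [a for a in actions
            if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)]

def audit_policy(policy_json):
    """Return one finding per Allow statement open to anonymous principals."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        patterns = _as_list(stmt.get("Action", []))
        findings.append({
            "sid": stmt.get("Sid"),
            "public_read": _matches(patterns, READ_ACTIONS),
            "public_write": _matches(patterns, WRITE_ACTIONS),
            # A Condition may narrow the grant; flagged for manual review, not evaluated.
            "has_condition": "Condition" in stmt,
        })
    return findings

# The policy from the answer above, with its placeholder bucket name.
PAGE_POLICY = """{"Version":"2012-10-17","Statement":[{"Sid":"AddPerm","Effect":"Allow",
 "Principal":"*","Action":["s3:GetObject","s3:PutObject"],
 "Resource":["arn:aws:s3:::bucketname/*"]}]}"""

if __name__ == "__main__":
    for finding in audit_policy(PAGE_POLICY):
        print(finding)
```
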

Jeremias Moraes

Reputation: 522

The link that you referred to is still working fine!

Along with the "Bucket Public Access" option, you should paste the following bucket policy in "Bucket Policy":

{
   "Version":"2012-10-17",
   "Statement":[{
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal":"*",
      "Action":[
         "s3:GetObject",
         "s3:PutObject"
      ],
      "Resource":[
         "arn:aws:s3:::your-bucket-arn-here/*"
      ]
    }]
}

This grants both read and write operations into your bucket.

Please remember to change your bucket's Amazon Resource Name (ARN) where the key in the bucket policy points to "Resource".

You can find your bucket's ARN above the bucket policy paste field.

Also, you may make use of the AWS policy generator for further access grants.

I hope I might help.

Upvotes: 2
