Reputation: 85
How to add write permissions to everyone for AWS s3 bucket
I am using an s3 bucket and I would like to grant write permission to everyone. The AWS console is not allowing me to do this instead it is asking to use AWS CLI to enable write permission. How can enable write permissions to everyone using AWS CLI
Upvotes: 4
Views: 3113
Answers (2)
Reputation: 3044
John is correct in that in 99% of cases you should not enable write access to a bucket for everyone.
However, in my case I am developing a tool for uploading objects to S3 and I want to test all possible edge cases, including uploading to an S3 bucket as an anonymous user. As the question indicates, the AWS Management Console does indeed not let you enable public write access to a bucket (for good reason! I bet this caused way too many incidents back when it let you do this!).
So if you are in my situation, then you can run:
aws s3api put-bucket-acl --bucket bucketname --acl public-read-write
Once you've completed your testing, you can re-run the command with --acl private to make the bucket private again. Or you can use the AWS Management Console, as it will let you disable write access.
Upvotes: 3
Reputation: 269480
Granting public Read access is acceptable from a security perspective if the data is intended to be public, or it is files for a public website. This can be granted via a Bucket Policy. You will also need to deactivate Block Public Access on the bucket.
Granting public Write access is not a good idea. For example, somebody could upload the entire world's collection of copyright movies. You would be charged for the storage and you would be in violation of copyright laws. Similarly, if you allow public Read access, you would be charged for all Data Transfer charges for downloading content from the bucket, which could be considerable.
Instead, your application should control access to Amazon S3. If a user is permitted to upload to your S3 bucket, your application permit Uploading objects using presigned URLs. This way, a user can only upload if your application permits it, and there can be restrictions on things like filetype, size and filename.
Similarly, it is possible to use Amazon S3 pre-signed URLs to grant time-limited Read access to private objects stored in Amazon S3.
So, yes, you can grant public Write access via the S3 management console, but I would advise against it.
Upvotes: 5
Related Questions
- How to Give Amazon SES Permission to Write to Your Amazon S3 Bucket
- Amazon S3 Permission problem - How to set permissions for all files at once?
- Restrict read-write access from my S3 bucket
- aws s3 write permissions - access deined
- Amazon S3 Write Only access
- Setting user permissions for AWS S3 buckets
- Creating S3 Bucket folders with different permissions
- Granting write access for the Authenticated Users to S3 bucket
- Granting permissions to an Amazon S3 bucket
- Bucket permissions on Amazon