S3 Bucket Permission
Amazon's Simple Storage Service (S3) lets its customers keep full control over who has access to their data through its Identity and Access Management (IAM) service and S3 bucket policies. For example, using bucket permissions one can give a user read-only access, while the same policy options can give another user both read and write access.
We faced a similar requirement on a project a few days back, where a particular user needed permission to upload files and make them publicly readable. To meet that requirement, I followed the steps below:
Create an IAM user and give it read-only access to S3 resources.
The user's permission policy should look like this:
[shell]{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}[/shell]
Now create a bucket and attach the following policy to it.
[shell]{
  "Version":"2008-10-17",
  "Id":"Policy1391686183873",
  "Statement":[
    {
      "Sid":"Stmt1391686181884",
      "Effect":"Allow",
      "Principal":{
        "AWS":"*"
      },
      "Action":"s3:GetObject", // actions allowed: anyone may only fetch objects
      "Resource":"arn:aws:s3:::<BucketName>/*" // replace <BucketName> with your bucket name
    },
    {
      "Sid":"Stmt1391686181885",
      "Effect":"Allow",
      "Principal":{
        "AWS":"arn:aws:iam::221312312:user/<UserName>" // format: arn:aws:iam::accountnumber:user/username (or role/rolename)
      },
      "Action":"s3:PutObject", // actions allowed: this user may only create objects
      "Resource":"arn:aws:s3:::<BucketName>/*" // replace <BucketName> with your bucket name
    }
  ]
}[/shell]
Note: Remove the comments before using the policy, since JSON does not allow them.
Now any file that user uploads to the bucket will be publicly readable.
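As an added check (example code written for this post, not part of the original), the following Python lints a bucket policy like the one above and flags any Allow statement that grants the anonymous principal (`"AWS":"*"`) anything beyond `s3:GetObject`. That is the mistake to watch for when editing such a policy: a public-read bucket silently becoming public-write. The embedded policy is the post's own with the comments stripped; `<BucketName>` and `<UserName>` are left as placeholders.

```python
import json

# The bucket policy from the post, constructed here as valid JSON (comments removed).
BUCKET_POLICY = """{
  "Version": "2008-10-17",
  "Id": "Policy1391686183873",
  "Statement": [
    {"Sid": "Stmt1391686181884", "Effect": "Allow",
     "Principal": {"AWS": "*"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::<BucketName>/*"},
    {"Sid": "Stmt1391686181885", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::221312312:user/<UserName>"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::<BucketName>/*"}
  ]
}"""

# The only action that a public-read bucket should grant to everyone.
# IAM action names are case-insensitive, so everything is compared lower-cased.
PUBLIC_READ_ALLOWED = {"s3:getobject"}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True if the statement's Principal matches anyone (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_public_write(policy_json):
    """Return the Sids of Allow statements that give the public principal any
    action other than plain object reads (e.g. s3:PutObject, s3:*)."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions <= PUBLIC_READ_ALLOWED:  # anything beyond GetObject is a finding
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

Run `find_public_write(BUCKET_POLICY)` on the post's policy and it returns an empty list; swap the user ARN in the second statement for `"*"` and it reports that statement's Sid.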