Setting specific permission in amazon s3 boto bucket

Question:

I have a bucket called ‘ben-bucket’; inside that bucket I have multiple files.
I want to be able to set permissions for each file URL.
I’m not too sure, but I’m assuming that if I wanted a URL for each file inside a bucket,
my URL would be like this?

https://ben-bucket.s3.amazonaws.com/<file_name>

So basically, I want to set public access to that URL. How would I do it?
I tried this and it doesn’t work:

    bucket = s3.Bucket('ben-bucket').Object('db.sqlite')
    bucket.BucketAcl('public-read')
    print bucket_acl

The code provided. db.sqlite is one of the files inside my bucket ben-bucket. The code doesn’t work. I want to be able to access the following URL publicly:

https://ben-bucket.s3.amazonaws.com/db.sqlite

The code I provided doesn’t set the permission to public-read.

Asked By: Biplov


Answers:

By default, all objects in Amazon S3 are private. You can then add permissions so that people can access your objects. This can be done via:

  • Access Control List permissions on individual objects
  • A Bucket Policy that grants wide-ranging access based on path, IP address, referrer, etc
  • IAM Users and Groups that grant permissions to Users with AWS credentials
  • Pre-Signed URLs

If you wish to grant public access to your entire bucket, the simplest option is to create a Bucket Policy like this (from Bucket Policy Examples):

    {
      "Version":"2012-10-17",
      "Statement":[
        {
          "Sid":"AddPerm",
          "Effect":"Allow",
          "Principal": "*",
          "Action":["s3:GetObject"],
          "Resource":["arn:aws:s3:::MY-BUCKET/*"]
        }
      ]
    }

If you wish to grant public access only to a sub-directory within the bucket, use:

    {
      "Version":"2012-10-17",
      "Statement":[
        {
          "Sid":"AddPerm",
          "Effect":"Allow",
          "Principal": "*",
          "Action":["s3:GetObject"],
          "Resource":["arn:aws:s3:::MY-BUCKET/PATH/*"]
        }
      ]
    }

Yes, you could also set the permissions on each individual file. The code for that would be:

    import boto3

    s3 = boto3.resource('s3')
    # Address the single object, then replace its ACL with the canned 'public-read' ACL
    obj = s3.Bucket('ben-bucket').Object('db.sqlite')
    obj.Acl().put(ACL='public-read')

Reference: Boto3 S3 access controls

Answered By: John Rotenstein
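
The two bucket policies in the answer differ only in their `Resource`, so it is worth checking which keys a policy document would expose to anonymous readers before applying it. The following is an added example, not part of the original answer: the function names and the sample key `PATH/index.html` are assumptions, and it evaluates only `Allow` statements in the policy text (it does not model explicit `Deny`, S3 Block Public Access, or object ACLs).

```python
import re

def _wild(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.S) is not None

def _as_list(v):
    # Policy fields may be a single value or a list of values
    return v if isinstance(v, list) else [v]

def _anonymous(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean everyone
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_read_grants(policy):
    """Return (resource_arn, has_condition) for each anonymous s3:GetObject Allow."""
    grants = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal")):
            continue
        actions = _as_list(st.get("Action", []))
        # Action names are case-insensitive and may use wildcards (s3:*, s3:Get*)
        if not any(_wild(a, "s3:GetObject", re.I) for a in actions):
            continue
        grants += [(r, "Condition" in st) for r in _as_list(st.get("Resource", []))]
    return grants

def publicly_readable(policy, bucket, key):
    """True if the policy lets anyone GET bucket/key with no Condition attached."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return any(_wild(r, arn) and not cond for r, cond in public_read_grants(policy))

def sample_policy(resource):
    # The answer's policy with its Resource filled in (MY-BUCKET / PATH are
    # the page's placeholders; the object keys below are constructed samples)
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject"], "Resource": [resource]}]}

WHOLE_BUCKET = sample_policy("arn:aws:s3:::MY-BUCKET/*")
PREFIX_ONLY = sample_policy("arn:aws:s3:::MY-BUCKET/PATH/*")

if __name__ == "__main__":
    for name, pol in (("whole bucket", WHOLE_BUCKET), ("prefix only", PREFIX_ONLY)):
        for key in ("db.sqlite", "PATH/index.html"):
            print(name, key, publicly_readable(pol, "MY-BUCKET", key))
```

With the whole-bucket policy, `db.sqlite` is readable by anyone; with the prefix-limited policy only keys under `PATH/` are.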