I want to make objects uploaded to S3 bucket readable without explicitly setting their permissions.

Relevant discussion I found about Digital Ocean S3 is here.

As in the above and other discussions, I was able to find solutions to set permissions only when you upload the files.

In my scenario, image files are uploaded every minute by a bunch of webcams with proprietary software, so I cannot manage the way permissions are set.

How could I update my bucket/image.jpg permissions to READ in bulk, regularly, let's say every 10 minutes?

I need a Cloud Storage to store a very large image database, with each image readable by a script so that it can be shown in a web interface.

So far I considered scheduling command line tasks on S3 Browser software, but it seems that only upload, download and sync are allowed commands.

Is there a way using S3 API I missed, or could you suggest using a different approach from S3 Cloud Object Storage? All suggestions are most welcome.

MLu
PatrizioRD

*"In my scenario, image files are uploaded every minute by a bunch of webcams with proprietary software"* ... and this proprietary software knows how to store images directly in Amazon S3 but not how to set object ACLs? – Michael - sqlbot Dec 15 '18 at 16:50

1 Answer

The easiest solution is to create a Bucket Policy that grants s3:GetObject to all images in your upload folder.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action": [
         "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::your-bucket-name/some-folder/*"
    }
  ]
}

This way an implicit s3:GetObject policy will be applied to your images in s3://your-bucket-name/some-folder/* and they should be accessible by your consumers.

However, note that the above policy makes the images publicly readable, which may not be what you want. I suggest at least restricting the read access by client IP address through a Condition which can be part of the above policy.

Hope that helps :)

MLu
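
The IP restriction suggested in the answer, as an added example that is not part of the original post: it builds the same grant with an `IpAddress` condition on `aws:SourceIp` and flags any Allow statement that is open to everyone with no Condition. The function names and the client ranges (documentation address blocks) are assumptions made for illustration.

```python
import ipaddress
import json

# The policy from the answer above, with the inline comment dropped so it parses as JSON.
ANSWER_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
                "Action": ["s3:GetObject"],
                "Resource": "arn:aws:s3:::your-bucket-name/some-folder/*"}]}
""")

def restricted_read_policy(bucket, prefix, cidrs):
    """Same grant, limited to the given client ranges (hypothetical helper)."""
    if not cidrs:
        raise ValueError("no CIDRs given: the grant would stay public")
    # strict=True rejects typos such as 203.0.113.5/24 (host bits set).
    nets = [str(ipaddress.ip_network(c, strict=True)) for c in cidrs]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadFromKnownClients",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": nets}},
        }],
    }

def unconditioned_public_statements(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for st in statements:
        principal = st.get("Principal")
        public = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
        if st.get("Effect") == "Allow" and public and not st.get("Condition"):
            findings.append(st.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    # Constructed sample ranges taken from the documentation address blocks.
    policy = restricted_read_policy(
        "your-bucket-name", "some-folder", ["203.0.113.0/24", "198.51.100.7"])
    print("answer policy, open statements:", unconditioned_public_statements(ANSWER_POLICY))
    print("restricted policy, open statements:", unconditioned_public_statements(policy))
    print(json.dumps(policy, indent=2))
```

The printed JSON can be saved to a file and applied with `aws s3api put-bucket-policy`. `aws:SourceIp` is matched against the public address S3 sees, so when a server-side script fetches the images, list that server's egress address rather than the end users' addresses.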