
I researched this and other topics. I create a new bucket "ilya_test_1" on Amazon S3. I add permission to Everyone with Upload/Delete enabled. I leave my default private permission untouched. I upload an image to the bucket root.

I try to browse via browser to my image and I get AccessDenied. Shouldn't everything in this bucket be publicly accessible?

What I do not understand is why I need to set the below bucket policy if I have already granted access to Everyone.

NOTE: access works if I set permissions to Everyone AND this bucket policy.

    {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Sid": "AllowPublicRead",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::ilya_test_1/*"
            }
        ]
    }
Ilya Evdokimov

1 Answer


You are giving permission to upload. But in the upload, the headers can set the file to public or private. Perhaps something is setting the header to private on upload?

(Also, it's generally a bad idea to have public write on S3. You should have a server that hands out signed S3 URLs that your client can PUT/POST to. Why? Because you can more easily prevent abuse (limit size of upload, limit number of uploads per IP, etc.).)

BraveNewCurrency
  • Thanks for the tip. While I am familiarizing myself with S3 operation and how to better set controlled access, my current security is public access to super-long alpha-numeric bucket names, which only the party that knows it can use. – Ilya Evdokimov Jan 19 '14 at 06:37
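
The signed-upload approach suggested in the answer, sketched as an added example (not code from the original posts): a server-side function that issues a short-lived S3 POST policy signed with Signature Version 4, pinned to one object key and a maximum size. The bucket name, region, key name and credentials used with it are placeholders, and per-IP limits are assumed to be enforced by the server before it calls this function.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_post(bucket, key, access_key, secret_key, region,
                 max_bytes=5 * 1024 * 1024, ttl=300, now=None):
    """Return (url, form_fields) allowing one upload to exactly one object key."""
    now = now or datetime.now(timezone.utc)
    date = now.strftime("%Y%m%d")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    policy = {
        # After this time S3 refuses the form, so a leaked form is short-lived.
        "expiration": (now + timedelta(seconds=ttl)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            {"key": key},                            # exact key, no prefix wildcard
            {"acl": "private"},                      # uploader cannot make it public
            ["content-length-range", 1, max_bytes],  # S3 rejects larger bodies
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 signing key is derived as: date -> region -> service -> "aws4_request".
    signing_key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "s3", "aws4_request"):
        signing_key = _hmac(signing_key, part)
    # The signature covers the base64 policy, so the client cannot edit any condition.
    signature = hmac.new(signing_key, policy_b64.encode(), hashlib.sha256).hexdigest()
    fields = {
        "key": key, "acl": "private", "policy": policy_b64,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,
        "x-amz-date": amz_date,
        "x-amz-signature": signature,
    }
    return f"https://{bucket}.s3.{region}.amazonaws.com/", fields
```

The client submits the returned fields plus a `file` field as a multipart form POST to the returned URL; the bucket itself needs no grant to Everyone, because the request is authorized by the server's signature.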