1

I want to host a simple static site on AWS S3.

The only thing I want is to grant is READ-ONLY access, considering that mine is a static site.

For a similar problem, some time ago I found somewhere this bucket policy to overcome access problems

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::enrico-site/*"
        }
    ]
}

Now I simply copy and paste this policy and I get a warning stating

enter image description here

Looking at the content of the policy, it seems it grants only GET and READ permissions, but I am far from an expert when it comes to security.

Considering that I want to grant anybody to access the static content of the bucket, i.e. READ ONLY but no WRITE permission, what is that I should do? Should I worry for the warning I get ?

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Picci
  • 16,775
  • 13
  • 70
  • 113
  • 2
    This is fine. AWS made changes recently to make it more obvious to console users when their S3 buckets were publicly accessible. It's an additional clue to help those people that mistakenly opened up their buckets to the public. – jarmod Nov 25 '17 at 21:31
  • Did you change the `Resource` setting accordingly? – hjpotter92 Nov 25 '17 at 21:31

1 Answers1

4

You are correct that above policy enables anyone to get/download any object in your bucket. If you wish to use the bucket only for website hosting purpose this is "fine" and you can ignore the warning.

However, if you want to make only specific objects public e.g. index page etc., you can get rid of the bucket policy and instead use object ACL only to make those files/objects publicly available. AWS has a fairly detailed tutorial as well.

sudo
  • 2,237
  • 1
  • 9
  • 14