For the testing purpose I have uploaded 'n'- number of files to a folder in the s3 bucket as "any aws user" ACL. Now I want to change ACL to "private" for all the files in that folder. I find that it can be done more easily by a third-party tool called s3cmd. But I have no permission to use third party tools. So is there any way to do it by the aws console(other than doing it programtically iterating over each file and setting the ACL).I am using php api's, Or is there any way to set acl recursively through AWS cli
Asked
Active
Viewed 1,205 times
1 Answers
0
You can Refer to this AWS CLI Documentation using put-bucket-acl the adding --acl to private
Alternatively you can specify with bucket policy to enforce private access to bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PrivateAclPolicy", "Effect": "Deny",
"Principal": { "AWS": "*"},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucket_name/foldername/*"
],
"Condition": {
"StringNotEquals": {
"s3:x-amz-acl": [
"private"
]
}
}
}
]
}
Replace bucket_name and foldername with the name of your bucket and folder.
Thanks
Kush Vyas
- 5,813
- 2
- 26
- 36
-
adding acl private to the bucket will not make the existing keys private. If we apply put-object-acl it need to be done induvidually to each file. I have referd https://stackoverflow.com/questions/3142388/how-to-make-10-000-files-in-s3-public and tried with sync a bucket to itself but that also make any sense – Rosa Mystica Dec 26 '17 at 12:57
-
The problem is that I have added the bucket policy as you mentioned, it works correctly for newly added files. But it does not applicable to existing keys. I have some files with "authenticated user" acl which can be accessed from any aws account. Which is a security threat. – Rosa Mystica Dec 26 '17 at 13:59