8

I have successfully modified a single S3 object using the following command:

```
aws s3api put-object-acl --bucket private_doc --key private_125.jpg --acl private
```

How can I set the ACL to private for all the objects whose names start with the word private?

My bucket is named document454. It consists of the objects private_123.pdf, private_234.pdf, member_123.doc, member_234.doc.

How can I convert the ACL of the files whose names start with the word private to private mode?

aabiskar

2 Answers

12

This command will convert the ACL of all the objects whose names start with doc to private:

```
aws s3 cp --recursive s3://bucket-name/ s3://bucket-name/ --acl private --metadata meta=nothing --exclude "*" --include "doc*"
```
aabiskar
  • This works ok, but it also deleted my content-type tags. I ended up using the answer with pipes: https://stackoverflow.com/questions/46572744/how-to-change-permission-recursively-to-folder-with-aws-s3-or-aws-s3api `aws s3 ls s3://bucket/path/ --recursive | awk '{cmd="aws s3api put-object-acl --acl bucket-owner-full-control --bucket bucket --key "$4; system(cmd)}'` – sskular Dec 12 '19 at 07:06
  • This produced the error "Unknown options: --metadata,meta=nothing" but it works if I change "--metadata meta=nothing" to "--storage-class STANDARD". You can't just leave it off because you apparently have to at least change the object's "metadata, storage class, website redirect location or encryption attributes" when copying an object to itself. – Russell G Jan 04 '22 at 23:21
6

All objects in Amazon S3 are private by default.

This can be changed through several methods:

  • By directly changing the ACL on the object (as you are doing)
  • By creating a Bucket Policy that can grant permissions for a whole bucket, or a path within a bucket
  • By granting permissions against specific IAM Users or IAM Groups
  • By generating Pre-Signed URLs that provide time-limited access to private objects

The method of assigning permissions directly against object-level ACLs can only be done against one object at a time. Bucket Policies are normally used to grant access to multiple objects.

If you do wish to update the ACL on multiple objects, you can copy the objects to themselves, with an --acl parameter:

```
aws s3 cp --recursive s3://my-bucket/ s3://my-bucket/ --acl private --metadata meta=nothing
```
John Rotenstein
  • I have recently made the objects private and am using presigned URLs to access them. But the problem is that previously I uploaded all the objects with the ACL in public mode. I want all those objects in ACL mode private, since there are thousands of objects. Can you elaborate on your answer related to Bucket Policy? I want to convert all those objects to the ACL mode private. – aabiskar Aug 27 '18 at 09:52
  • Added an option to use `aws s3 cp` – John Rotenstein Aug 27 '18 at 09:59
  • I don't have a directory inside the bucket. How can I use the asterisk for all the files whose names start with "document"? I have the files document_123.jpg, document_456.jpg. How can I use `aws s3 cp` in this situation? – aabiskar Aug 27 '18 at 10:06
  • Can you please help me with that? I am confused about all the filenames starting with a particular string. – aabiskar Aug 27 '18 at 10:29
  • Getting this error `copy failed: s3://imageresizing101/2.jpg to s3://imageresizing101/2.jpg An error occurred (InvalidRequest) when calling the CopyObject operation: This copy request is illegal because it is trying to copy an object to itself without changing the object's metadata, storage class, website redirect location or encryption attributes. ` – aabiskar Aug 27 '18 at 10:33
  • Okay, I've changed it to add some fake metadata to convince S3 to allow the overwrite. – John Rotenstein Aug 27 '18 at 10:43
  • Your answer works for all the files within the bucket. I have updated the question. I only want some files to be modified, those whose names start with a certain pattern. – aabiskar Aug 27 '18 at 10:53
  • You can put that in the copy statement, eg `aws s3 cp s3://my-bucket/prefix* ...` – John Rotenstein Aug 27 '18 at 10:58
  • The command runs successfully with no error, but it does not change the ACL mode. – aabiskar Aug 27 '18 at 11:16
  • This command does not work: `aws s3 cp --recursive s3://my-bucket/prefix* s3://my-bucket/prefix* --acl public-read --metadata meta=nothing`. This one works, but it converts all the objects within the bucket: `aws s3 cp --recursive s3://my-bucket/ s3://my-bucket/ --acl public-read --metadata meta=nothing` – aabiskar Aug 27 '18 at 11:39
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/178852/discussion-between-chyangba-and-john-rotenstein). – aabiskar Aug 27 '18 at 11:53
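
Added example, not part of the original question or answers: a shell function that changes the ACL object by object with `put-object-acl`, selecting keys on the S3 side with `--prefix`, so nothing is copied and Content-Type and other metadata are left alone. The function name `privatize_prefix` is made up for this example; the bucket and prefix in the usage comment are the ones from the question.

```sh
#!/bin/sh
# Added example: set ACL "private" on every object whose key starts with a prefix.
# Uses put-object-acl per key (no copy), so object metadata is not rewritten.
# privatize_prefix is a name chosen for this example.

# Usage: privatize_prefix BUCKET PREFIX
# Prints the number of objects updated; exit status is non-zero if any call failed.
privatize_prefix() (
  bucket=$1
  prefix=$2
  count=0
  status=0

  # --prefix filters on the S3 side; wildcards such as "prefix*" are not
  # expanded inside s3:// URLs. [Key] in the query yields one key per line.
  keys=$(aws s3api list-objects-v2 --bucket "$bucket" --prefix "$prefix" \
           --query 'Contents[].[Key]' --output text) || exit 1

  while IFS= read -r key; do
    # Empty listing: the CLI prints nothing or the literal "None" in text mode
    # (so an object whose whole key is "None" would be skipped here).
    case $key in ''|None) continue ;; esac
    # Quoting "$key" keeps keys containing spaces intact.
    if aws s3api put-object-acl --bucket "$bucket" --key "$key" --acl private; then
      count=$((count + 1))
    else
      echo "failed to update: $key" >&2
      status=1
    fi
  done <<EOF
$keys
EOF

  echo "$count"
  exit "$status"
)

# Example call with the names from the question:
#   privatize_prefix document454 private_
```

On buckets where Object Ownership is set to "bucket owner enforced", ACLs are disabled and `put-object-acl` is rejected; access there is controlled by policies only.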