
I wanted to get a huge amount of data from another organization into my organization. I created an S3 bucket named srikanth-poc-can-be-deleted. This bucket is showing as "Public" under the Access column. All my other buckets are showing as "Bucket and objects not public". (i.e. I disabled the option "Block All public access" under "Block Public access"). I also defined the bucket policy below.

Question: Under the bucket, I have one folder, 'upload_here', and I am getting this folder's URL so that anybody can upload files to this folder. However, it's not working as expected. When I enter the folder URL in the browser, an empty file with the name of the folder is downloaded and nothing happens. I was expecting it to open the folder, so that others could place their files in there. Could you please let me know what the issue is?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::srikanth-poc-can-be-deleted/*"
        },
        {
            "Sid": "Statement2",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::srikanth-poc-can-be-deleted"
        }
    ]
}
Srik
    You should NOT open up your bucket to anyone, even worse if you are trying to allow anyone to write to it. That is terrible practice. And no, S3 will not offer you a drag-and-drop interface in the browser if you just enter the URL of an S3 bucket. You would need to build something yourself for that. Instead, properly grant permissions to different AWS accounts you know belong to some target companies. – luk2302 Mar 25 '22 at 09:42

1 Answer


If you want to copy data in Amazon S3 between AWS Accounts, you should use one of these methods below. They will ensure that your buckets, and your data, are kept private at all times.

Using source credentials

If you are using credentials from the source account:

  • Grant the IAM User permission to read from the source bucket and write to the destination bucket
  • Add a Bucket Policy on the destination bucket in the other account that grants access to the IAM User from the source account (similar to your policy above, but specifying the source IAM User as the Principal)
  • In the destination bucket, make sure ACLs are disabled so that the destination account 'owns' the objects
  • Use the AWS CLI to copy the objects, using the IAM User credentials

Using destination credentials

If you are using credentials from the destination account:

  • Grant the IAM User permission to read from the source bucket and write to the destination bucket
  • Add a Bucket Policy on the source bucket that grants access to the IAM User from the destination account (similar to your policy above, but specifying the destination IAM User as the Principal)
  • Use the AWS CLI to copy the objects, using the IAM User credentials
John Rotenstein
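An added example, not part of the original question or answer: a small Python check that flags the public-principal and wildcard-action statements in the policy from the question, and builds the kind of destination-bucket policy the answer describes, with one IAM user as the Principal. The ARN (account ID `111122223333`, user `copy-user`), the function names and the reduced action set (`s3:ListBucket`, `s3:PutObject`) are assumptions for illustration.

```python
import json

BUCKET = "srikanth-poc-can-be-deleted"
# Constructed placeholder ARN: account ID and user name are assumptions.
SOURCE_USER = "arn:aws:iam::111122223333:user/copy-user"

# The policy posted in the question, reproduced as a Python dict.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Statement1", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Sid": "Statement2", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_public_principal(principal):
    """True when the Principal element matches every AWS identity."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit(policy):
    """List (Sid, issue) for Allow statements; Conditions are not evaluated."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"#{i}")
        if is_public_principal(stmt.get("Principal")):
            findings.append((sid, "public-principal"))
        if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            findings.append((sid, "wildcard-action"))
    return findings

def scoped_policy(bucket, user_arn):
    """Destination-bucket policy naming one IAM user; the action set is an assumed minimum."""
    who = {"AWS": user_arn}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListForCopy", "Effect": "Allow", "Principal": who,
         "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": "WriteForCopy", "Effect": "Allow", "Principal": who,
         "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]}

if __name__ == "__main__":
    print(audit(QUESTION_POLICY))
    print(json.dumps(scoped_policy(BUCKET, SOURCE_USER), indent=2))
```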