
If I have a folder in an S3 bucket that contains many more folders, and I want to enable getObject public access to the objects in all of those folders, can I do something like this?

```json
{
  "Id": "example123",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "example123",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket-name/next-level-folder/*/*",
      "Principal": "*"
    }
  ]
}
```

...where the first * is all the folders and the second * is all the objects in the folders?

I am going to have lots of folders that will require public access and don't want to have to write out the path for each one and put them in the resources e.g.

```json
"Resource": ["arn:aws:s3:::bucket-name/next-level-folder/folder1/*",
             "arn:aws:s3:::bucket-name/next-level-folder/folder2/*",
             "arn:aws:s3:::bucket-name/next-level-folder/folder3/*"
            ]
```
John Rotenstein
Danny_P
  • This suggests that you can: [AWS IAM - Can you use multiple wildcards (*) in a value](https://stackoverflow.com/a/22563714/174777) Give it a try and tell us what you discover! – John Rotenstein Nov 15 '22 at 21:17
  • If you also want to allow access to objects such as `next-level-folder/dog.png` then simply use `"Resource": "arn:aws:s3:::bucket-name/next-level-folder/*"` which will allow everything under the prefix `next-level-folder/`. – jarmod Nov 15 '22 at 22:24
  • Awesome thanks, "Resource": "arn:aws:s3:::bucket-name/next-level-folder/*" did the trick, I was under the impression you needed the full path to the object but this is working, cheers. – Danny_P Nov 16 '22 at 21:39
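
As an added illustration (not code from the question or its comments), this sketch models the wildcard matching discussed above so you can list which keys each `Resource` pattern would make public. It assumes `*` matches any run of characters including `/` and `?` matches one character; the helper names and sample keys are constructed, and policy variables are not modelled.

```python
import re


def iam_pattern_to_regex(pattern):
    """Translate an IAM-style wildcard pattern into a regex.

    Assumption: '*' = any run of characters (including '/'),
    '?' = exactly one character. Policy variables are not modelled.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def exposed_keys(resource_arn, bucket, keys):
    """Return the keys in `bucket` that the Resource pattern covers."""
    rx = iam_pattern_to_regex(resource_arn)
    return [k for k in keys if rx.fullmatch(f"arn:aws:s3:::{bucket}/{k}")]


# Constructed sample keys, not taken from a real bucket.
SAMPLE_KEYS = [
    "next-level-folder/dog.png",
    "next-level-folder/folder1/a.png",
    "next-level-folder/folder2/deep/b.png",
    "other-folder/private.txt",
]

# The two Resource values that appear on this page.
TWO_STARS = "arn:aws:s3:::bucket-name/next-level-folder/*/*"
ONE_STAR = "arn:aws:s3:::bucket-name/next-level-folder/*"

if __name__ == "__main__":
    for pattern in (TWO_STARS, ONE_STAR):
        print(pattern)
        for key in exposed_keys(pattern, "bucket-name", SAMPLE_KEYS):
            print("  public:", key)
```

Running the same check against a real key listing before attaching a `"Principal": "*"` statement shows exactly which objects become world-readable.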
