How to set a bucket's ACL on S3?

2020-05-28 18:07发布

问题:

I tried a couple of things: S3Browse, the RightAws Ruby gem and other tools. All allow granting access on an individual key basis, but I wasn't able to set the ACL on buckets. Actually, I set the ACL on the bucket, no errors are returned. But when I refresh or check in another tool, the bucket's ACL is reset to owner only.

I want to give read and write access to FlixCloud for an application I'm developing. They need the access to write the output files.

回答1:

Yup, just checked it again after 10 min. ACL remains as configured. I guess this is something at your end then. Try different account/workstation.



回答2:

I was struggling with the ACL vs. Bucket Policy and found the following useful.

ACL

The ACL defines the permissions attached to a single file in your bucket. The Bucket Policy is a script that explains the permissions for any folder or file in a bucket. Use the bucket polcies to restrict hot linking, grant or deny access to specific or all files, restrict IP address, etc.

Edit the S3 Bucket Policy

Log into Amazon Web Services, click to S3 and click on the bucket name in the left column. View the bucket Properties panel at the bottom of the page. Click the button on the lower right corner that says "Edit bucket policy". This brings up a lightbox that you can paste the policy script into. If the script fails validation it will not save.

Sample Policy that enabled read access to everyone (useful if the bucket is being used as a content delivery network)

{
     "Version": "2008-10-17",
     "Id": "",
     "Statement": [
          {
               "Sid": "AddPerm",
               "Effect": "Allow",
               "Principal": {
                    "AWS": "*"
               },
               "Action": "s3:GetObject",
               "Resource": "arn:aws:s3:::my_bucket_name/*"
          }
     ]
}

Sample policy to prevent unauthorized hotlinking (third party sites linking to it) but allow anybody to download the files:

{ 
    "Version":"2008-10-17", 
    "Id":"preventHotLinking",

    "Statement":[ { 

        "Sid":"1", 
        "Effect":"Allow",
        "Principal": {
            "AWS":"*"
        },

        "Action":"s3:GetObject",
        "Resource":"arn:aws:s3:::your.bucket.name/*",

        "Condition":{

            "StringLike": { 

                "aws:Referer": [
                    "http://yourwebsitename.com/*", 
                    "http://www.yourwebsitename.com/*"
                ]
            }
        }
    }]
}

Generate a Policy

http://awspolicygen.s3.amazonaws.com/policygen.html

Sample Bucket Policies

http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html



回答3:

I have just double checked that for you - S3fm was able to change the ACL successfully. I used their email s3@flixcloud.com as userid. You can see the user in the list afterwords as flixclouds3.



标签: amazon-s3 acl