I want to host a simple static site on AWS S3.
The only thing I want to grant is READ-ONLY access, considering that mine is a static site.
For a similar problem, some time ago I found this bucket policy somewhere to overcome access problems:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadGetObject",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::enrico-site/*"
        }
      ]
    }
Now I simply copy and paste this policy and I get a warning stating
Looking at the content of the policy, it seems it grants only GET and READ permissions, but I am far from an expert when it comes to security.
Considering that I want to allow anybody to access the static content of the bucket, i.e. READ ONLY with no WRITE permission, what should I do? Should I worry about the warning I get?
You are correct that the above policy enables anyone to get/download any object in your bucket. If you wish to use the bucket only for website hosting purposes this is "fine" and you can ignore the warning.
However, if you want to make only specific objects public, e.g. the index page etc., you can get rid of the bucket policy and instead use object ACLs only to make those files/objects publicly available. AWS has a fairly detailed tutorial as well.
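A quick way to check what a bucket policy actually hands to anonymous visitors before pasting it in, as an added example that is not part of the original question or answer: it walks every Allow statement whose Principal is everyone and compares the granted actions against an object-read allowlist. The policy from the question is embedded as the sample input; the allowlist and the conservative handling of NotAction/NotPrincipal are this example's own choices.

```python
import json

# The policy from the question, embedded as sample input.
SITE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::enrico-site/*"
    }
  ]
}""")

# Actions that only let a visitor read an object. Wildcards such as
# "s3:*" or "s3:Get*" are not in this set, so they are flagged too.
READ_ONLY_ACTIONS = {"s3:GetObject"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True if the Principal element means everyone ('*' or {'AWS': '*'})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_actions(policy):
    """Set of actions that Allow statements grant to anonymous principals."""
    actions = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            actions.add("*")  # negated forms are hard to reason about: flag them
        elif _is_anonymous(stmt.get("Principal")):
            actions.update(_as_list(stmt.get("Action", [])))
    return actions


def is_read_only_public(policy):
    """True if everything granted to the public is an object read action."""
    return public_actions(policy) <= READ_ONLY_ACTIONS


if __name__ == "__main__":
    print(public_actions(SITE_POLICY), is_read_only_public(SITE_POLICY))
```

For the question's policy this reports only s3:GetObject and returns True; a policy that also grants s3:PutObject or s3:* to "*" returns False, which is the case where the console warning should not be ignored.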