DEV Community

Pranav Bakare

Amazon S3 Bucket with Policy Details

How to Create a Bucket Policy in Amazon S3

To apply a bucket policy that allows public read access to objects in your S3 bucket (django-blog49), follow these steps:

Step-by-Step Guide to Creating a Bucket Policy

  1. Open the Amazon S3 Console:

Sign in to your AWS Management Console and navigate to Amazon S3.

  2. Select the Target Bucket:

Find the bucket you want to apply the policy to (django-blog49) and click on it.

  3. Navigate to the Permissions Tab:

Click on the Permissions tab in the bucket’s overview page.

  4. Edit the Bucket Policy:

Scroll down to Bucket Policy and click Edit.

Paste the following bucket policy:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::django-blog49/*"
    }
  ]
}

Click Save.

Breakdown of the Bucket Policy

  1. Version: "2008-10-17":

Specifies the policy language version. Although this version works, you may also consider using "2012-10-17" for more recent features.

  2. Statement:

Contains a list of individual statements defining the permissions.

  3. Sid: "AllowPublicRead":

An optional Statement ID used for identifying this specific rule. It helps in managing multiple rules in one policy.

  4. Effect: "Allow":

Specifies whether the action is allowed or denied. This could be "Allow" or "Deny".

  5. Principal: "AWS": "*":

Specifies who is allowed to perform the action. "*" makes this accessible to all users, effectively making it public.

  6. Action: "s3:GetObject":

Defines the actions that are allowed. Here, s3:GetObject permits users to read/download objects from the bucket.

  7. Resource: "arn:aws:s3:::django-blog49/*":

Specifies the resources this policy applies to. The * at the end signifies all objects within the django-blog49 bucket.

Tips for Applying Bucket Policies

Double-Check Public Access Settings: Make sure the "Block public access" settings do not override your bucket policy.

Test the Policy: After saving, try accessing an object URL to ensure the policy is applied correctly.

Use AWS Policy Generator: For more complex policies, use the AWS Policy Generator to craft specific rules.
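
Before saving a policy like the one above, it helps to see exactly what it opens up. The following is an added example, not code from the original post: a small offline Python check that parses a bucket policy and lists every Allow statement with a wildcard principal, and whether it exposes every object in the bucket. The function names are assumptions made for illustration; the policy text is the one from this page.

```python
import json

# The policy from this page (wildcard principal, s3:GetObject on every key).
PAGE_POLICY = """{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "AllowPublicRead",
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::django-blog49/*"
  }]
}"""

def as_list(value):
    """Policy fields may be a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (also inside a list)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    return "*" in as_list(principal)

def public_grants(policy_text):
    """Return (sid, actions, resources, unconditional) per public Allow statement."""
    policy = json.loads(policy_text)
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        findings.append((
            stmt.get("Sid", "<no Sid>"),
            as_list(stmt.get("Action")),
            as_list(stmt.get("Resource")),
            "Condition" not in stmt,  # a Condition block may narrow the grant
        ))
    return findings

def exposes_whole_bucket(finding, bucket):
    """True when an unconditional public grant covers every object key."""
    _sid, _actions, resources, unconditional = finding
    return unconditional and f"arn:aws:s3:::{bucket}/*" in resources

if __name__ == "__main__":
    for f in public_grants(PAGE_POLICY):
        print(f, "whole bucket:", exposes_whole_bucket(f, "django-blog49"))
```

If the bucket holds anything besides files meant to be public, narrowing the Resource to a specific key prefix makes `exposes_whole_bucket` return False for the same statement.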

Summary

By following these steps, you’ve successfully applied a bucket policy that allows public read access to your django-blog49 S3 bucket. This makes it possible for anyone with the object URL to download the files. Always be cautious about public permissions to prevent exposing sensitive data unintentionally.
