S3 Bucket Access Policy
Bucket Policy
- It is a resource-based policy for all the objects of a bucket.
- It is in Json format
- Effects are either Allow or Deny
- GET for reading access, CREATE for create, PUT for the update, DELETE for delete
- Use Policy generator tool to create Json access policy
Example: To create an access level policy in S3 to give the public access to all the objects in an s3 bucket
Step 1: Create Bucket (give any valid name) mybucket908 in your region.
Step 2: Select Permission Tab
Step 3: Click on Edit button which in Bucket policy section.
Step 4: Click on Policy generator button
Step 5: Provide below details to generate an access level policy (Principal mean user’s ARN, * means for everyone )
Select Type of Bucket policy : S3 Bucket policy
Effect: Allow
Principal: *
Action: GetObject
ARN: arn:aws:s3:::mybucket908
Click on Add Statement button
Click on Generate Policy button, It will generate a json access policy
Step 6: Copy generated Json Code and Paste it in Bucket policy of S3 bucket permission tab.
Note in Json add /* after bucket name in Resource option.
“Resource”: “arn:aws:s3:::mybucket908/*”
Step 7: Click on save changes button
Step 8: upload an index.html file
Step 9: use object URL to access the index.html file
Experiments
1. In bucket policy change the Effect from Allow to Deny and check whether you are able to access index.html
2. Delete bucket policy and check are you able to access index.html or not.
