I want to cancel the public access permission of a file(images/login_logo.png
) inside my S3 bucket my-test-bucket
.
Currently, this file's permission setting is as the following:
As you can see in the above picture. It has no public access for everyone.
But I can still access it from the s3 link.
Is this phenomenon caused by my bucket policy?
{
"Version": "2012-10-17",
"Id": "Policy1528702071704",
"Statement": [
{
"Sid": "Stmt1528702067249",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-test-bucket/*"
}
]
}
If so, what's the best way to cancel the public access permission of a single file inside a large public bucket which contains about 10,000 files?
I cannot apply make public
to a large bucket due to this issue.
By default, all objects in Amazon S3 are private.
You can make an object accessible via a Bucket Policy (such as yours above), or by adding permissions on the specific object.
If either of these methods grant access to an object, then the object is accessible. So, the fact that your bucket policy is granting access to the entire bucket means that your object is public.
The only way to make an exception for one file would be to add a Deny policy, such as:
{
"Version": "2012-10-17",
"Id": "Policy1528702071704",
"Statement": [
{
"Sid": "AllowALl",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-test-bucket/*"
},
{
"Sid": "DenyOneObject",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-test-bucket/images/login_logo.png"
}
]
}
A Deny always overrides an Allow, so that object will remain private.
However, be careful: This policy is denying read access to everybody (including you!). You will probably need to tweak it so that you can still get access (probably by using NotPrincipal
).
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments