[AWS] Granting a folder in S3 public read access in 2020 – Simple but not recommended!

With Amazon S3, sometimes you want to grant public read access to a specific folder (really a key prefix), for example when it holds public web assets.

To do this you can apply this type of policy to your S3 bucket:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"MakeFolderPublic",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::yourS3BucketName/yourPublicFolder/*"]
    }
  ]
}

This policy grants anyone in the world (Principal "*" matches both signed and unsigned requests) read access to every object in the bucket yourS3BucketName whose key starts with yourPublicFolder/. It grants s3:GetObject only, not s3:ListBucket, so anonymous users can fetch objects whose keys they already know but cannot enumerate the prefix through this statement. One check before you try: if S3 Block Public Access is enabled on the bucket or the account (the BlockPublicPolicy setting), S3 rejects a PutBucketPolicy call containing this statement. You can see the current settings with aws s3api get-public-access-block.

If you already have a bucket policy, add it as one more statement in the existing Statement array, as in the example below. Each Sid must be unique within the policy, and make sure there is a comma after the closing curly bracket of Statement2 (and after every statement except the last one), or the JSON will not parse.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid": "Statement1",
      ...
    },
    {
      "Sid": "Statement2",
      ...
    },
    {
      "Sid":"MakeFolderPublic",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::yourS3BucketName/yourPublicFolder/*"]
    }
  ]
}
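The two cases above (no existing policy, and appending to an existing Statement array) as a small script. This is an added example, not code from the original post: it builds the MakeFolderPublic statement, refuses a duplicate Sid, lets json.dumps handle the commas, and then lists every (action, resource) pair the merged policy grants to anonymous principals so you can review the exposure before applying it. The bucket and prefix names are the post's placeholders, and the "existing" policy in the __main__ block is constructed for illustration (123456789012 is the AWS placeholder account ID).

```python
"""Merge the post's MakeFolderPublic statement into an S3 bucket policy and
audit what the result exposes.

Added example, not code from the original post. Apply the printed document
with, for example:
    aws s3api put-bucket-policy --bucket yourS3BucketName --policy file://policy.json
"""
import json
from copy import deepcopy

POLICY_VERSION = "2012-10-17"


def _as_list(value):
    """Policy grammar lets most elements be a string, a dict or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def load_policy(policy):
    """Accept the JSON string from get-bucket-policy, a dict, or None (no policy yet)."""
    if not policy:
        return {"Version": POLICY_VERSION, "Statement": []}
    if isinstance(policy, str):
        return json.loads(policy)
    return deepcopy(policy)


def is_anonymous_principal(principal):
    """True for Principal "*" or {"AWS": "*"}: matches signed and unsigned requests."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_prefix_statement(bucket, prefix, sid="MakeFolderPublic"):
    """The statement from the post: anonymous s3:GetObject on bucket/prefix/*."""
    prefix = prefix.strip("/")
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/{prefix}/*"],
    }


def add_public_prefix(policy, bucket, prefix, sid="MakeFolderPublic"):
    """Return a new policy dict with the public-read statement appended.

    Existing statements are kept in place; json.dumps writes the commas the
    post warns about. Sids must be unique within a policy, so a clash is an error.
    """
    doc = load_policy(policy)
    statements = _as_list(doc.get("Statement"))
    if any(s.get("Sid") == sid for s in statements):
        raise ValueError(f"policy already has a statement with Sid {sid!r}")
    doc["Statement"] = statements + [public_prefix_statement(bucket, prefix, sid)]
    doc.setdefault("Version", POLICY_VERSION)
    return doc


def public_grants(policy):
    """(action, resource) pairs granted to anyone by unconditional Allow statements.

    Review this before applying: s3:GetObject on bucket/prefix/* is what the
    post intends; s3:ListBucket on the bare bucket ARN, or any action on
    bucket/*, is far wider.
    """
    grants = []
    for stmt in _as_list(load_policy(policy).get("Statement")):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not is_anonymous_principal(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                grants.append((action, resource))
    return grants


if __name__ == "__main__":
    # Constructed stand-in for `aws s3api get-bucket-policy` output.
    existing = json.dumps({
        "Version": POLICY_VERSION,
        "Statement": [{
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/deployer"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::yourS3BucketName/*",
        }],
    })
    merged = add_public_prefix(existing, "yourS3BucketName", "yourPublicFolder")
    print(json.dumps(merged, indent=2))
    print("anonymous grants:", public_grants(merged))
```

public_grants deliberately ignores statements with a Condition block, so a policy that is public only from a source IP range or a specific VPC endpoint does not show up; treat its output as the list of things exposed to everyone, not the full set of grants.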

Note: Use caution with any public bucket policy. Granting public access by prefix is not recommended because the policy applies to every object that ever lands under that prefix, regardless of who uploaded it or why; a common finding is private content uploaded into a prefix that anyone in the world could read. The statement above does not allow listing, but if the bucket itself has a public ACL (READ granted to AllUsers), anonymous users can list the bucket's contents and discover the keys under the public prefix.

Take a look at these best practices to learn more about what is better for your S3 buckets: https://nonset.com/2019/09/26/the-aws-s3-best-practices-you-should-be-following-in-2019/

Did you know: S3 does not actually have folders, even though the web console and other tools show them. What you see are prefixes: the leading part of the object key up to a delimiter, by convention "/". The key is simply the full string name of the object, and S3 is a completely flat object store; the console groups keys by delimiter for display only. That is why a policy on a "folder" is really a match on the key prefix, as in the Resource ARN above 🙂 You can read more about S3 object keys here: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys
