@lalyos
Last active September 8, 2020 07:52

make s3 bucket public script

Public AWS S3 bucket

Sometimes you want to make a specific S3 bucket public. My purpose was to host a Maven repo on S3.

one-liner

So if you want to make a bucket and all its files publicly readable, run this (the script is reproduced in full below; read it before executing anything fetched through a URL shortener):

curl -Lso public-bucket.sh  j.mp/public-bucket && chmod +x public-bucket.sh && ./public-bucket.sh

Permissions

In the case of S3 resources you have three options to control access:

  • User-based permissions, also called IAM policies
  • Resource-based permissions, also called Bucket policies
  • ACLs

For the use case of public access to all objects in a bucket, it is easier to create one resource-based policy attached to the whole bucket than to set an ACL on the bucket and then another ACL on each object.

User-based vs Resource-based Permissions

  • User-based permissions are attached to:
    • IAM user
    • IAM group
    • IAM role
  • Resource-based Permissions are attached to:
    • S3 bucket
    • SNS topic
    • SQS queue

Permissions are represented as JSON policy documents. The one below is a user-based policy: it has no Principal element, because the user, group or role it is attached to is the principal.

{
  "Version":"2012-10-17",
  "Statement":[{
     "Effect":"Allow",
     "Action":"s3:ListBucket",
     "Resource":"arn:aws:s3:::example_bucket"
   }]
}

The same result can be achieved with either variant: a user-based policy on the user that names the bucket as its resource, or a resource-based policy on the bucket that names the user as its principal.

(image: s3 policies)
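The two variants written out, as an added example that is not part of the gist: the same read access for one IAM user, granted once as a user-based policy attached to that user and once as a bucket policy that names the user as principal. The account id 111122223333, the user alice and the bucket example-bucket are made-up values. The two generator functions only print the documents; the apply functions call the real AWS CLI and run only when APPLY is set.

```bash
#!/bin/bash
# Added example, not part of the gist. Same grant, two ways: attached to the IAM user, or to the bucket.
# Account id 111122223333, user "alice" and bucket "example-bucket" are made-up values.

# User-based (IAM) policy: no Principal element, the identity it is attached to is the principal.
iam_user_policy() {   # iam_user_policy BUCKET
  local bucket=$1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReadOneBucket",
    "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::$bucket", "arn:aws:s3:::$bucket/*"]
  }]
}
EOF
}

# Resource-based (bucket) policy: attached to the bucket, so it has to name who gets the access.
bucket_policy_for_user() {   # bucket_policy_for_user ACCOUNT USER BUCKET
  local account=$1 user=$2 bucket=$3
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReadForOneUser",
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::$account:user/$user" },
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::$bucket", "arn:aws:s3:::$bucket/*"]
  }]
}
EOF
}

# Either call alone gives alice read access. The caller needs iam:PutUserPolicy or s3:PutBucketPolicy.
apply_user_based() {   # apply_user_based USER BUCKET
  aws iam put-user-policy --user-name "$1" --policy-name "s3-read-$2" \
      --policy-document "$(iam_user_policy "$2")"
}
apply_resource_based() {   # apply_resource_based ACCOUNT USER BUCKET
  aws s3api put-bucket-policy --bucket "$3" \
      --policy "$(bucket_policy_for_user "$1" "$2" "$3")"
}

# Only touch AWS when asked: APPLY=user ./policies.sh  or  APPLY=bucket ./policies.sh
# Without APPLY the two documents are printed for review.
case "${APPLY:-}" in
  user)   apply_user_based alice example-bucket ;;
  bucket) apply_resource_based 111122223333 alice example-bucket ;;
  *)      iam_user_policy example-bucket
          bucket_policy_for_user 111122223333 alice example-bucket ;;
esac
```

The bucket policy is the only one of the two that can grant access to identities outside your account or to anonymous callers, which is why the gist's script uses that form with a wildcard principal.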

Access Control List (ACL)

AWS S3 makes it even more confusing with the introduction of ACLs, a third mechanism, older than policies, that grants a fixed set of permissions (read, write, full control) on one bucket or on one object to a grantee such as another AWS account or everyone (the AllUsers group). An ACL applies only to the bucket or object it is set on, so making every object public this way means setting an ACL on every object.
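To make the comparison in the Permissions section concrete, an added example that is not from the gist: public-read through ACLs takes one call for the bucket (listing) plus one call per object (reading), against the single put-bucket-policy call the script below uses. The bucket name example-bucket, the region eu-west-1 and the object keys are made-up values. With DRY_RUN set the functions print the commands instead of running them, which is also a convenient way to review exactly what is about to become public.

```bash
#!/bin/bash
# Added example, not part of the gist: public-read through ACLs, and how to verify the outcome.
# "example-bucket", "eu-west-1" and the keys used below are made-up values.

# run CMD...: execute the command, or only print it when DRY_RUN is set
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# public_read_via_acl BUCKET [KEY...]
# Bucket ACL public-read lets anyone list the keys; each object still needs its own ACL to be readable.
# Without explicit keys, every key in the bucket is fetched with list-objects-v2 (needs credentials;
# keys containing whitespace would be split, so pass them explicitly in that case).
# Caveats: S3 Block Public Access (BlockPublicAcls) rejects these calls when enabled, and buckets
# created since April 2023 have ACLs disabled by default (Object Ownership "bucket owner enforced"),
# one more reason to prefer the bucket policy.
public_read_via_acl() {
  local bucket=$1; shift
  local keys key
  if [ $# -gt 0 ]; then
    keys=$*
  else
    keys=$(aws s3api list-objects-v2 --bucket "$bucket" --query 'Contents[].Key' --output text)
  fi
  run aws s3api put-bucket-acl --bucket "$bucket" --acl public-read
  for key in $keys; do
    run aws s3api put-object-acl --bucket "$bucket" --key "$key" --acl public-read
  done
}

# policy_status BUCKET: S3's own verdict on whether the *bucket policy* makes the bucket public
# (ACL grants are not part of this answer).
policy_status() {
  run aws s3api get-bucket-policy-status --bucket "$1" \
      --query 'PolicyStatus.IsPublic' --output text
}

# anon_fetch BUCKET REGION KEY: the end-to-end check that covers both routes, an unauthenticated GET;
# 200 means the object is public, 403 means it is not.
anon_fetch() {
  run curl -s -o /dev/null -w '%{http_code}' "https://$1.s3.$2.amazonaws.com/$3"
}

# Demo plan, printed only in dry-run mode: DRY_RUN=1 ./acl-vs-policy.sh
if [ -n "${DRY_RUN:-}" ]; then
  public_read_via_acl example-bucket a.txt dir/b.jar
  policy_status example-bucket
  anon_fetch example-bucket eu-west-1 dir/b.jar
fi
```

Run anon_fetch against a key before and after applying either the ACLs or the bucket policy; the status code changing from 403 to 200 is the only check that proves the bucket is actually reachable by the public.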

#!/bin/bash
####################################################################################################
# use this script as:
#
# curl -Lso public-bucket.sh j.mp/public-bucket && chmod +x public-bucket.sh && ./public-bucket.sh
#
####################################################################################################
# description is at: https://gist.github.com/lalyos/10110269/#file-readme-md
####################################################################################################
set -euo pipefail

# bucket name from the first argument, otherwise pick one interactively from the account's buckets
if [ $# -gt 0 ]; then
  BUCKET=$1
else
  BUCKETS=$(aws s3api list-buckets --query 'Buckets[].Name' --output text)
  select BUCKET in $BUCKETS 'QUIT'; do
    [[ $BUCKET == 'QUIT' ]] && exit 0
    echo "you have chosen: $BUCKET"
    break
  done
fi

# S3 Block Public Access rejects a policy with a wildcard principal while BlockPublicPolicy is on
# (it is on by default for buckets created since April 2023), so fail early with a clear message
# instead of an AccessDenied from put-bucket-policy. An account-level block has the same effect.
BLOCK=$(aws s3api get-public-access-block --bucket "$BUCKET" \
          --query 'PublicAccessBlockConfiguration.BlockPublicPolicy' --output text 2>/dev/null || echo False)
if [[ $BLOCK == True ]]; then
  echo "BlockPublicPolicy is enabled on $BUCKET; disable it first if this bucket really should be public" >&2
  exit 1
fi

TIMESTAMP=$(date +%Y%m%d%H%M)
# Two statements, with distinct Sids: the first lets anyone list the keys (wanted for browsing a
# maven repo; drop it if objects should only be fetchable by exact URL), the second lets anyone
# read every object in the bucket.
POLICY=$(cat <<EOF
{
  "Version": "2012-10-17",
  "Id": "s3-public-read-$TIMESTAMP",
  "Statement": [
    {
      "Sid": "PublicList-$TIMESTAMP",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$BUCKET"
    },
    {
      "Sid": "PublicRead-$TIMESTAMP",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::$BUCKET/*"
    }
  ]
}
EOF
)
echo "making $BUCKET public-read"
aws s3api put-bucket-policy --bucket "$BUCKET" --policy "$POLICY"