S3 Bucket Policy to make a specific sub folder public and everything else private?

amazon-web-services amazon-s3 zip mp3 bucket

22,792

Solution 1

I've done it!

I was trying all kinds of long-winded over-thought methods to try and accomplish this including the little known "not resource" when all I needed to do was take the default "allow all" policy and apply it to my specified sub-folders!

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKETNAME/*/128/*"
        }
    ]
}

Note: Edited the resource name.

Solution 2

This seems to be blocked now..

This bucket has public access You have provided public access to this bucket. We highly recommend that you never grant any kind of public access to your S3 bucket.

22,792

Author by

realdannys

Updated on September 06, 2020

Comments

realdannys over 3 years

We currently have an S3 bucket policy which makes everything public.

At the moment we a bucket "bucket1" and inside there are numbered sub folders for each entry numbers 01 upwards (e.g. 01, 02, 03) and inside that always a folder called "128".

What we want to do is make the files in the 128 folders always public.

So we'd need something to allow "bucket1/*/128" and everything else only be accessible with a time stamped signature.

Presuming this is possible but wouldn't know how to create the statement.
Jin Kwon about 6 years

Which part is for specific sub folders? /128/??
RyanQuey over 5 years

@JinKwon Yes exactly
csvan almost 3 years

That's just a warning, the items are still public like the warning implies
SmartE over 2 years

Funny how this supposed answer which ought to be a comment under the marked answer got upvoted because other people got similar issues