How to make all Objects in AWS S3 bucket public by default?

Amazon Web-ServicesAmazon S3

Amazon Web-Services Problem Overview

I am using a PHP library to upload a file to my bucket. I have set the ACL to public-read-write and it works fine but the file is still private.

I found that if I change the Grantee to Everyone it makes the file public. What I want to know is how do I make the default Grantee on all objects in my bucket to be set to "Everyone". Or is there another solution to make files public by default?

Code I am using is below:

public static function putObject($input, $bucket, $uri, $acl = self::ACL_PRIVATE, $metaHeaders = array(), $requestHeaders = array()) {
	if ($input === false) return false;
	$rest = new S3Request('PUT', $bucket, $uri);

	if (is_string($input)) $input = array(
		'data' => $input, 'size' => strlen($input),
		'md5sum' => base64_encode(md5($input, true))
	);

	// Data
	if (isset($input['fp']))
		$rest->fp =& $input['fp'];
	elseif (isset($input['file']))
		$rest->fp = @fopen($input['file'], 'rb');
	elseif (isset($input['data']))
		$rest->data = $input['data'];

	// Content-Length (required)
	if (isset($input['size']) && $input['size'] >= 0)
		$rest->size = $input['size'];
	else {
		if (isset($input['file']))
			$rest->size = filesize($input['file']);
		elseif (isset($input['data']))
			$rest->size = strlen($input['data']);
	}

	// Custom request headers (Content-Type, Content-Disposition, Content-Encoding)
	if (is_array($requestHeaders))
		foreach ($requestHeaders as $h => $v) $rest->setHeader($h, $v);
	elseif (is_string($requestHeaders)) // Support for legacy contentType parameter
		$input['type'] = $requestHeaders;

	// Content-Type
	if (!isset($input['type'])) {
		if (isset($requestHeaders['Content-Type']))
			$input['type'] =& $requestHeaders['Content-Type'];
		elseif (isset($input['file']))
			$input['type'] = self::__getMimeType($input['file']);
		else
			$input['type'] = 'application/octet-stream';
	}

	// We need to post with Content-Length and Content-Type, MD5 is optional
	if ($rest->size >= 0 && ($rest->fp !== false || $rest->data !== false)) {
		$rest->setHeader('Content-Type', $input['type']);
		if (isset($input['md5sum'])) $rest->setHeader('Content-MD5', $input['md5sum']);

		$rest->setAmzHeader('x-amz-acl', $acl);
		foreach ($metaHeaders as $h => $v) $rest->setAmzHeader('x-amz-meta-'.$h, $v);
		$rest->getResponse();
	} else
		$rest->response->error = array('code' => 0, 'message' => 'Missing input parameters');

	if ($rest->response->error === false && $rest->response->code !== 200)
		$rest->response->error = array('code' => $rest->response->code, 'message' => 'Unexpected HTTP status');
	if ($rest->response->error !== false) {
		trigger_error(sprintf("S3::putObject(): [%s] %s", $rest->response->error['code'], $rest->response->error['message']), E_USER_WARNING);
		return false;
	}
	return true;
}

Amazon Web-Services Solutions

Solution 1 - Amazon Web-Services

Go to http://awspolicygen.s3.amazonaws.com/policygen.html Fill in the details such as: enter image description here In Action select "GetObject" Select "Add Statement" Then select "Generate Policy"

Copy the text example:

{
  "Id": "Policy1397632521960",
  "Statement": [
    {
      "Sid": "Stmt1397633323327",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucketnm/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}

Now go to your AWS S3 console, At the bucket level, click on Properties, Expand Permissions, then Select Add bucket policy. Paste the above generated code into the editor and hit save.

All your items in the bucket will be public by default.

Solution 2 - Amazon Web-Services

If you want to make all objects public by default, the simplest way is to do it trough a Bucket Policy instead of Access Control Lists (ACLs) defined on each individual object.

enter image description here

You can use the AWS Policy Generator to generate a bucket policy for your bucket.

For example, the following policy will allow anyone to read every object in your S3 bucket (just replace <bucket-name> with the name of your bucket):

{
  "Id": "Policy1380877762691",
  "Statement": [
    {
      "Sid": "Stmt1380877761162",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<bucket-name>/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}

The Bucket Policy contains a list of Statements and each statement has an Effect (either Allow or Deny) for a list of Actions that are performed by Principal (the user) on the specified Resource (identified by an Amazon Resource Name or ARN).

The Id is just an optional policy id and the Sid is an optional unique statement id.

For S3 Bucket Policies, the Resource ARNs take the form:

arn:aws:s3:::<bucket_name>/<key_name>

The above example allows (Effect: Allow) anyone (Principal: *) to access (Action: s3:GetObject) any object in the bucket (Resource: arn:aws:s3:::<bucket-name>/*).

Solution 3 - Amazon Web-Services

My problem was slightly different, but since this question is on the top of google search I'll leave my solution, maybe it'll help somebody.

I already had had full access to S3 bucket before, but one day it just started to return Access Denied to all my files. The solution was straightforward simple.

  1. Go to Services - S3
  2. Click on your S3 bucket
  3. Switch to Permissions tab, then go to Bucket Policy tab
  4. And click the Save button.

It should reassign permission on all your files.

enter image description here

Anyway, here is full bucket policy that allows makes all object public

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::enter-here-your-media-bucket-name/*"
        }
    ]
}

Solution 4 - Amazon Web-Services

The JSON above did not work for me, but I found this to be working. I have tested it on multiple buckets. I can write to the buckets programmatically and read from them at the same time

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddCannedAcl",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket_name>/*"
        }
    ]
}

Solution 5 - Amazon Web-Services

Its simple...just add this to your bucket policy..this will make your bucket publicly accessible. I did this as my bucket was only holding images and logos, so making it public makes sense as there is no sensitive or user specific data/asset.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1380877761162",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket-assets/*"
        }
    ]
}
Categories
Recommended Amazon Web-Services Solutions
Recommended Amazon S3 Solutions

Previous Solution:

Fastest way to flatten / un-flatten nested JSON objects

JavascriptAlgorithm

Next Solution:

Add directives from directive in AngularJS

JavascriptAngularjsModel View-ControllerMvvmAngularjs Directive

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
Questioncondo1234View Question on Stackoverflow
Solution 1 - Amazon Web-ServicesjaxxboView Answer on Stackoverflow
Solution 2 - Amazon Web-ServicesdcroView Answer on Stackoverflow
Solution 3 - Amazon Web-ServicesSerhii PopovView Answer on Stackoverflow
Solution 4 - Amazon Web-Servicesnicholus talemwaView Answer on Stackoverflow
Solution 5 - Amazon Web-ServicesMilindView Answer on Stackoverflow