Monday, March 14, 2022

AWS - S3 Bucket policy - Theory + Lab

 Bucket Policy
  1. It is a resource-based policy for all the objects of a bucket.
  2. It is in Json format
  3. Effects are either Allow or Deny
  4. GET for reading access, CREATE for create, PUT for the update, DELETE for delete
  5. Use Policy generator tool to create Json access policy

Example: To create an access level policy in S3 to give the public access to all the objects in an s3 bucket

Step 1: Create Bucket (give any valid name) mybucket908 in your region.
Step 2: Select Permission Tab 
Step 3: Click on Edit button which in Bucket policy section.
Step 4: Click on Policy generator button
Step 5: Provide below details to generate an access level policy (Principal mean user's ARN, * means for everyone )
           Select Type of Bucket policy :  S3 Bucket policy
           Effect:  Allow
           Principal: *
           Action: GetObject
           ARN: arn:aws:s3:::mybucket908
 Click on Add Statement button
 Click on Generate Policy button, It will generate a json access policy          
Step 6: Copy generated Json Code and Paste it in Bucket policy of S3 bucket permission tab.
    Note in Json add /* after bucket name in Resource option.
         "Resource": "arn:aws:s3:::mybucket908/*"  
Step 7: Click on save changes button
Step 8: upload an index.html file 
Step 9: use object URL to access the index.html file


1. In bucket policy change the Effect from Allow to Deny and check whether you are able to access index.html
2. Delete bucket policy and check are you able to access index.html or not.



Post a Comment