Is there any way to list bucket folders on cloudfront url ? I have created a url like this
https://xxxxxxx.cloudfront.net/ on this I want to list down all s3 files . currently getting error of index.html file not found . if I open a file like https://xxxxxxx.cloudfront.net/image.html it's working fine.
my bucket policy is like this :
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::mybucket"
}
]
}
any help would be highly appreciated
Related
Noob issue here- i'm using CLI to download an entire bucket of images from S3 (76 files of various image formats), however they do not seem to appear in my local folder after the code executes. After a few attempts, I then received the below error:
"download failed: s3://cpskitchenaidimages/KA/KA - 5KSM2APC_1.tif to ./KA - 5KSM2APC_1.tif [Errno 28] No space left on device"
Code run =
aws s3 sync s3://cpskitchenaidimages/KA .
My local directory = "C:\Users\Darren\Downloads\KA"
The bucket is publicly accessible via the below policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::cpskitchenaidimages/*"
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::cpskitchenaidimages"
}
]
}
When I try to access my bucket root (https://mybucket-public.s3.amazonaws.com) I've got an Access Denied, however, If I access directly the "index.html" I can properly see the page.
Bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket-public/*"
}
]
}
Resolved with a workaround:
In the Cloudfront distribution Settings, I had the following:
Default Root Object: index.html
Now when accessing the abcdef123.cloudfront.net it points to the bucket's index.html.
I have a website where the users can upload files like images or pdfs, and I'm storing them in AWS S3. It's working correctly, but I put a "public policy" to test it like this one:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::mybucket/*"
]
}
]
}
It works but I think that a malicius user could make a lot of requests and amazon charge me for that. So what would be the way to limit the access but keep working correctly with my webapp?
Thanks in advance.
You could create a time-limited Amazon S3 pre-signed URL for those objects. This grants access to a private object for a limited time.
You can Restrict Access to Specific HTTP Referrer by modifying your bucket policy like this.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::mybucket/*"
],
"Condition": {
"StringLike": {
"aws:Referer": [
"http://www.example.com/*",
"http://example.com/*"
]
}
}
}
]
}
Replace example.com with your website name.This allows the objects can be only accessed from domain staring with your domain name. Make sure the browsers you use include the http referer header in the request . For more details see Restricting Access to a Specific HTTP Referrer
I'm googling since several hour without solution.
I'm trying to manage my bucket as web directory but it's not working fine.
Here is my bucket policy :
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
I have an index html file at top level of the bucket, and a directory.
I can access the index file like this :
https://s3-eu-west-1.amazonaws.com/my_bucket/my_index_file.html
But all the following request give an xml access access denied error
https://s3-eu-west-1.amazonaws.com/my_bucket/
https://s3-eu-west-1.amazonaws.com/my_bucket
https://s3-eu-west-1.amazonaws.com/my_bucket/my_folder
https://s3-eu-west-1.amazonaws.com/my_bucket/my_folder/my_sub_folder
I haven't found a solution. Please let me konow if someone know how to achieve this, so that I can browse my bucket through firefox or another browser.
Thanks
If you want to make the static website hosting with the necessary index.html & default pages - you need to enable S3 Static Website Hosting. Just making the files / S3 objects public wouldn't help the index.html routing.
Once you do that you would get URLs like - http://examplebucket.s3-website-us-east-1.amazonaws.com/
Checkout the following links
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
http://docs.aws.amazon.com/gettingstarted/latest/swh/website-hosting-intro.html
You have to create 2 buckets, one for example.com and one for www.example.com
Set bucket policy for both like below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.com/"
}
]
}
Follow this link : https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html
I have an S3 bucket "mybucket" with loads of files in it for example:
upload1/123.jpg
public/353.jpg
public/123.jpg
upload2/33.jpg
upload3/423.jpg
As I understand it the folders are just a convenience and are just objects anyways. So is it possible to make all the public/* objects public but not the others? How can I do this?
EDIT:
I've done so more reading, would something like this work and not affect anything else?
{
"Id": "Policy1415732583092",
"Statement": [
{
"Sid": "Stmt1415732573054",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/public/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
Yes this works just fine. You can add this policy to your bucket permissions:
{
"Version": "2012-10-17",
"Id": "123",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:**",
"Resource": "arn:aws:s3:::mybucket/public/*"
}
]
}
Then add a file called test.html to your public folder and one of your private folders:
<html>
<body>
test
</body>
</html>
Then enable static web hosting on the s3 bucket and then go to the S3 endpoint in a web browser (for me in US Standard this would be: http://s3.amazonaws.com/mybucket/public/test.html) and you will see the web page displayed, but when you try to access this page through the private bucket you will see that it fails.