How to access files from an Amazon S3 bucket without an account? - amazon-web-services

This might be a stupid question, but I've never used AWS before.
So apparently, to create an AWS account I need to give my credit card information, but I don't want to do that.
Is there any other way to access the information from this link?:
https://s3.console.aws.amazon.com/s3/buckets/quizdb-public/?region=us-east-1&tab=overview

The URL https://s3.console.aws.amazon.com/s3/buckets/quizdb-public/?region=us-east-1&tab=overview
is the link that will be shown in the address bar when you log into the AWS console, go to S3 and click on the bucket. If you do not have access to that specific AWS account and the AWS console you will not be able to access the information in the bucket with that URL.

Related

Copy an on premise Windows folder to S3 bucket

I have an old archive folder that exists on an on premise Windows server that I need to put into an S3 bucket, but having issues, it's more my knowledge of AWS tbh, but I'm trying.
I have created the S3 bucket and I can to attach it to the server using net share (AWS gives you the command via the AWS gateway) and I gave it a drive letter. I then tried to use robocopy to copy the data, but it didn't like the drive letter for some reason.
I then read I can use the AWS CLI so I tried something like:
aws s3 sync z: s3://archives-folder1
I get - fatal error: Unable to locate credentials
I guess I need to put some credentials in somewhere (.aws), but after reading too many documents I'm not sure what to do at this point, could someone advise?
Maybe there is a better way.
Thanks
You do not need to 'attach' the S3 bucket to your system. You can simply use the AWS CLI command to communicate directly with Amazon S3.
First, however, you need to provide the AWS CLI with a set of AWS credentials that can be used to access the bucket. You can do this with:
aws configure
It will ask for an Access Key and Secret Key. You can obtain these from the Security Credentials tab when viewing your IAM User in the IAM management console.

AngularJS app in AWS S3. What should be correct policies?

I need to quickly deploy a static angular app to AWS S3. Unfortunately, I am still new to id so I would like to ask your help on:
What should be the bucket policy?
What roles should I give a user group to access it?
Requirements:
App deployed in the S3 bucket is public
Bucket contents should only accessible by those part of a user group. The users of the group should only be able to upload and get files in the bucket. Nothing more nothing less.
Another user group as administrators of the bucket.
Thanks. Any help would be appreciated.
Have you read Hosting a static website using S3? That should answer your question about bucket policy.
IAM users will need the appropriate S3 permissions on the bucket. This is an example of a read-write policy; remove the s3:PutObject and s3:DeleteObject permissions for read-only access.
As luk2302 pointed out, if you want to publish the S3 URL as your website URL, then the bucket contents must be publicly readable. If you want to publish the app using a custom domain name and/or use HTTPS, you should consider adding a CloudFront distribution. Doing so would also allow you to keep the bucket contents private so only your IAM users have direct access to the bucket.

Unable to access S3 bucket used by CloudTrail

I have an Amazon S3 bucket that is being used by CloudTrail.
However, the S3 bucket is not visible in S3.
When I click on the bucket in CloudTrail, it links to S3 but I get access denied.
The bucket is currently in use by CloudTrail, and based on the icons that seems to be working fine.
So, it seems this is an existing bucket but I cannot access it!
I also tried to access the S3 bucket with the root account, but the same issue occurs there.
Please advise on how I would regain access.
Just because cloudtrail has access to the bucket, doesn't mean your account also does.
You would need to talk to whoever manages your security and request access. or if this is your account, make sure you are logged in with credentials that have the proper access.

Understanding how AppSync + S3 work together

I try and succeed to upload a file using AWS Amplify quick start doc and I used this example to set my graphql schema, my resolvers and dataSources correctly: https://github.com/aws-samples/aws-amplify-graphql.
I was stuck for a long time because of an error response "Access Denied" when my image was uploading into the S3 bucket. I finally went to my S3 console, selected the right bucket, went to the Authorization tab, and clicked on "Everyone" and finally selected "Write Object". With that done, everything works fine.
But I don't really understand why it's working, and Amazon show me a big and scary alert on my S3 console now saying "We don't recommend at all to make a S3 bucket public".
I used Amazon Cognito userPool with Appsync and it's inside my resolvers that the image is upload to my S3 bucket if i understood correctly.
So what is the right configuration to make the upload of an image work?
I already try to put my users in a group with the access to the S3 bucket, but it was not working (I guess since the user don't really directly interact with my S3 bucket, it's my resolvers who do).
I would like my users to be able to upload an image, and after displaying the image on the app for everybody to see (very classical), so I'm just looking for the right way to do that, since the big alert on my S3 console seems to tell me that turning a bucket public is dangerous.
Thanks!
I'm guessing you're using an IAM role to upload files to S3. You can set the bucket policy to allow that role with certain permissions whether that is ReadOnly, WriteOnly, etc.
Take a look here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Ok I find where it was going wrong. I was uploading my image taking the address of my S3 bucket with the address that was given by aws-exports.js.
BUT, when you go to your IAM role policy, and you check the role of your authorize user of your cognito pool, you can see the different strategies and the one that allow to put objects on your S3 bucket use the folders "public", "protected" and "private".
So you have to change those path or add these folder at the end of your bucket address you use on your front-end app.
Hope it will help someone!

Grant access to AWS S3 bucket/folder to users without AWS account

I want to make a Video On Demand service using AWS S3 , and I would like to restrict each of my clients to his own bucket/folder (which one schema is best..) .
I want a client to have access only to his bucket/folder, but these people are not going to have an AWS account.
I read ,and still reading, about IAM users,roles and policies but I have not found something pointing to what I want to achieve.
If you know the IP address (or CIDR blocks) of each client, you can then restrict your bucket with a policy.
http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Alternatively, you could just set up IAM accounts for them within your own account, and scope their access accordingly. That would let them use a very limited form of the AWS Console. You can even write your IAM policies so that users automatically have access to something like:
s3://your-bucket/%username%/