UPDATED: July-07-2019
I had a request to create a bucket that also acts as a static content web server and give access to an IAM user, so the user can upload/download/delete the file content.
In order to do that, first let’s create an IAM user from the Identity & Access Management menu. Store the credentials for this user somewhere, you’ll need to give these to the end user. Then edit the user and click on the Permissions tab. Create a new Inline policy.
Copy & paste and then validate.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteObject",
"s3:Put*",
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::<bucket_name>",
"arn:aws:s3:::<bucket_name>/*"
]
}
]
}
Look at the policy and replace
The next step is to create the S3 bucket. Make sure you use the same name as the name you specified in the above policy. Change whatever settings you want for logging, versioning, cross-legion replication etc… There is no need to enable the web hosting. The setting that matters is under the properties. Click on the Permissions and then Edit bucket policy. Copy & paste the policy.
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<bucket_name>/*"
}
]
}
Replace the
NOTE: Make sure that your settings for public access are off otherwise you’ll get access denied when you create the bucket policy.
