How to grant read permission to an s3 object in nodejs???

0

I've been hammering away at this all day, and still can't see where to go.

I simply want to

  1. Create an S3 bucket, configured as website enabled;
  2. Load an error.html file into it
  3. Allow public read access to the error.html

Should be three lines of code, right? Not in AWS ...

I created the bucket:

```javascript
await this.send(new CreateBucketCommand({ Bucket: bucketName }));
await this.send(new DeletePublicAccessBlockCommand({ Bucket: bucketName }));
await this.send(new PutBucketWebsiteCommand({
    Bucket: bucketName,
    WebsiteConfiguration: {
        ErrorDocument: { 'Key': 'error.html' },
        IndexDocument: { 'Suffix': 'index.html' }
    }
}));
await this.send(new PutBucketLoggingCommand({
    Bucket: bucketName,
    BucketLoggingStatus: {
        LoggingEnabled: {
            TargetBucket: log_bucket,
            TargetPrefix: 'logs/'
        }
    }
}));
```

I set a public access policy (eventually figured out I had to remove the block first):

```javascript
await this.send(new DeletePublicAccessBlockCommand({ Bucket: bucketName }));
let policy = {
    Version: "2012-10-17",
    Statement: [{
        Sid: "PublicReadGetObject",
        Effect: "Allow",
        Principal: "*",
        Action: [ "s3:GetObject" ],
        Resource: `arn:aws:s3:::${bucketName}/*`
    }]
};

await this.send(new PutBucketPolicyCommand({
    Bucket: bucketName,
    Policy: JSON.stringify(policy)
}));
```

I uploaded the error.html but when I try to enable global read access to the error.html using the code below I get "The bucket does not allow ACLs".

```javascript
await this.send(new PutObjectAclCommand({
    ACL: 'public-read',
    Bucket: bucketName,
    Key: s3File
}));
```

How can I close this off and change the permissions on the error.html to Read for all?

dmb0058
asked 6 months ago · 402 views
2 Answers
0

Hello.

Are public block access settings disabled?
If this setting is not disabled, an error will occur when configuring the bucket ACL.
There are two public block access settings: bucket level and account level, so please check both.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-bucket.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html

EXPERT
answered 6 months ago
AWS
EXPERT
reviewed 6 months ago
0

Hi, Yes, I deleted the bucket level block in the second line of code. It's useful to know there's an account level one as well, though I don't think I have a use for that now.

Curiously, I think I may not need to set public access on the files in the bucket anyway! The code to set the ACL on new files uploaded has been working for more than a year on buckets around a year old, but fails on new buckets. But from what I can find, the policy I set on the bucket should allow read by all on objects in it, so the object-level ACL is not only unnecessary but not allowed by default since April 2023.

I'll test this out today and see if I can settle it one way or the other.

dmb0058
answered 6 months ago
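
Added example, not part of the thread and not AWS's own code: the bucket policy in the question makes every object in the bucket publicly readable (`/*`), while the stated goal was public read on error.html only. The sketch below builds a policy scoped to named keys and checks locally which keys each policy exposes to anonymous callers. The helper names and the sample bucket and key names are assumptions, and the check does not model `Condition` or `Not*` elements.

```javascript
// Hypothetical helpers for illustration; nothing here calls the AWS SDK.
// Grants anonymous s3:GetObject on the listed keys only, not the whole bucket.
function buildPublicReadPolicy(bucketName, keys) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "PublicReadListedObjects",
      Effect: "Allow",
      Principal: "*",
      Action: ["s3:GetObject"],
      Resource: keys.map((k) => `arn:aws:s3:::${bucketName}/${k}`)
    }]
  };
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: '*' is any run of characters, '?' is one character.
function wildcardMatch(pattern, value) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${re}$`).test(value);
}

// Principal "*" or { AWS: "*" } both mean "anyone, including unauthenticated callers".
function isAnonymous(principal) {
  return principal === "*" || (principal && asArray(principal.AWS || []).includes("*"));
}

// Simplified local check: would this policy let an unauthenticated caller GET bucket/key?
function allowsAnonymousGet(policy, bucketName, key) {
  const arn = `arn:aws:s3:::${bucketName}/${key}`;
  const hits = policy.Statement.filter((s) =>
    isAnonymous(s.Principal) &&
    asArray(s.Action).some((a) => wildcardMatch(a.toLowerCase(), "s3:getobject")) &&
    asArray(s.Resource).some((r) => wildcardMatch(r, arn)));
  if (hits.some((s) => s.Effect === "Deny")) return false; // an explicit Deny wins
  return hits.some((s) => s.Effect === "Allow");
}

// Constructed sample values: the question's bucket-wide policy vs. a key-scoped one.
const bucket = "example-site-bucket";
const wide = { Version: "2012-10-17", Statement: [{ Sid: "PublicReadGetObject",
  Effect: "Allow", Principal: "*", Action: ["s3:GetObject"],
  Resource: `arn:aws:s3:::${bucket}/*` }] };
const narrow = buildPublicReadPolicy(bucket, ["error.html", "index.html"]);
for (const key of ["error.html", "private/report.csv"]) {
  console.log(key, "wide:", allowsAnonymousGet(wide, bucket, key),
    "narrow:", allowsAnonymousGet(narrow, bucket, key));
}
```

The object returned by `buildPublicReadPolicy` can be passed through `JSON.stringify` to `PutBucketPolicyCommand` in the same way as the policy in the question.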
