How to get URLs of S3 objects with no expiry date and with public access?

Question

I tried some thing :
1. Block all public access: off
2.  ```   "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "************/*"
        }```
but I'm getting a warning that **Publicly accessible** with a red color box under my bucket name. Should I worry about that?

**OR** is there any way to acess some thing like pass **/appID** to access private objects like:  https://bucket.s3.us-north-8.amazonaws.com/img.png/appID

Finally my need is to get URLs of objects that I will hard code in my post model some thing like below:
URL attribute will be a string:
  ```
type Post @model{
    id: ID!
    title: String!
    fileURL: https://bucket.s3.us-north-8.amazonaws.com/img.png
}
```
now in future I can't change the URL attribute. So I need a without expire date secure file access

Accepted Answer

Best practice is to have no publicly-accessible objects.  All the "Block Public Access" settings should be on and you should not have any "Publicly accessible" warnings.

If you need to allow people access to objects from their web browser, the two secure options are:
1. If the objects are assets for a public website, make the bucket a CloudFront origin.  Don't use S3's built-in static website hosting (URLs like http://.s3-website-.amazonaws.com or http://.s3-website..amazonaws.com) as it doesn't support http.
2. If the objects are private then your app should vend presigned URLs providing secure temporary access.

Your URL "https://bucket.s3.us-north-8.amazonaws.com/img.png" looks more like an S3 REST API URL, which would be used from an application either directly or more typically via an API package such as Boto3 for Python.  In this case your application would get secure access to S3 objects with IAM credentials.

How to get URLs of S3 objects with no expiry date and with public access?

관련 콘텐츠