S3 Bucket Policy for download access

Question

I need to configure a bucket policy that will allow a public user to download a specific file from our bucket. The download link will be served through the AWS S3 plug-in for WooCommerce. We want the public user to be able to access only the specified file via link and nothing else.

Answer

Hi,
I would suggest to write a resource-based policy in the bucket with a condition containing the username assuming that the user is identified like

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html

see proposed example:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]
    }
  ]
}
```

You may then make it more solid by adding global conditions relevant to your use case: see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html

For example, aws:referer may be useful to tighten the policy

S3 Bucket Policy for download access

相关内容