Lets say I have the following s3 structure
company_folder
folder1
folder2
folder3
sub_folder1
sub_folder2
I currently have the following permissions that allow access to every folder, sub_folder and file. This is for a web app.
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::company_folder/*"
Using an admin IAM access key id: ABCD I am able to put images into sub_folders using carrierwave. I use a single cloudfront root url to deliver images from various 'folders' and 'sub_folders'
The images sent to 'sub_folder2' are not displayed on the website and they are high resolution. They should not be accessed by anyone except admin.
How do I go about changing the restrictions on 'sub_folder2' within the bucket policy for 'company_folder'
I need to deny GET and PUT access to 'sub_folder2' for everyone except admin while maintaining a public read on everything else in 'company_folder'.
I believe that the 'company_folder' needs to remain public because that is where my cloudfront url points to.
Is this a simple solution of just editing the bucket policy?
Aucun commentaire:
Enregistrer un commentaire