S3 Security Policy for Bucket while allowing signed urls

ackerchez

11/7/22, 9:35 AM

ugh, bucket policies.

I am trying to write a bucket security policy that would keep an outsider from listing the structure and data in the bucket but at the time my AWS users needs to be able to pull/put objects and create signed URLs to media files (some of these are audio files which need to be streamed).

I have turned off public access to the bucket and created a bucket policy that looks like this:

{
        "Sid": "Stmt1625604135648",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:PutObjectAcl"
        ],
        "Resource": "arn:aws:s3:::mediaBucket/*"
    }

but every time I try to use the AWS PHP library to push an object into a bucket or create a signed URL for a specific resource I am getting access denied errors.

What am I doing wrong here?

0 + 0

amazon-s3

amazon-web-services

php7

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: S3 Security Policy for Bucket while allowing signed urls

TH: นโยบายความปลอดภัย S3 สำหรับ Bucket ในขณะที่อนุญาต URL ที่ลงชื่อ

RO: Politica de securitate S3 pentru Bucket, permițând în același timp adresele URL semnate

RU: Политика безопасности S3 для Bucket при разрешении подписанных URL-адресов

VI: Chính sách bảo mật S3 cho Bộ chứa trong khi cho phép các url đã ký

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.