S3-Bucket With Anonymous Read Access

Goal

An S3 bucket with anonymous read permission is to be created, so that data can be read and downloaded without authentication.

The S3 service of the Switch Cloud is described in detail in the official documentation by Switch and is not replicated here.

Procedure

To allow unauthenticated (anonymous) read access to the bucket, you must set an appropriate anonymous read access policy on it. See the official documentation from Switch for more information.

Save the following policy to a file, for example anonymous_read_policy.json for the bucket mys3bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadAccess",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::mys3bucket",
        "arn:aws:s3:::mys3bucket/*"
      ]
    }
  ]
}

With the following command, you can then set the policy on the bucket:

# set policy from file
aws --profile switch-s3 s3api put-bucket-policy --bucket mys3bucket --policy file://anonymous_read_policy.json

The policy that was set can be read back with the following command:

# Read the policy on the S3 bucket for verification
aws --profile switch-s3 s3api get-bucket-policy --bucket mys3bucket --output text
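
The policy above grants s3:ListBucket as well as s3:GetObject to everyone, so anonymous clients can enumerate object keys in addition to downloading objects. The following Python check is an added example, not part of the original documentation or of Switch's tooling; it lists every action and resource a policy grants to the anonymous principal and reports whether anonymous listing is enabled. The function names are hypothetical.

```python
import json

# The policy from this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "PublicReadAccess", "Effect": "Allow", "Principal": "*",
   "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::mys3bucket", "arn:aws:s3:::mys3bucket/*"]}]}
""")


def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} or {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    return "*" in _as_list(principal)


def anonymous_grants(policy):
    """Return sorted (sid, action, resource, has_condition) tuples open to everyone."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Cross product of the statement's actions and resources, as written.
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                found.add((stmt.get("Sid", ""), action, resource, "Condition" in stmt))
    return sorted(found)


def allows_listing(policy):
    """True if anyone may enumerate object keys (s3:ListBucket, s3:* or *)."""
    listing = ("s3:ListBucket", "s3:*", "*")
    return any(action in listing for _, action, _, _ in anonymous_grants(policy))


if __name__ == "__main__":
    for grant in anonymous_grants(PAGE_POLICY):
        print(grant)
    print("anonymous listing:", allows_listing(PAGE_POLICY))
```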