Configuring Bucket Policies

Products

App Platform
- Overview
- How It Works
- Connect Repositories
- Deploy Frontend Apps
- Deploy Backend Apps
- Deploy with a Dockerfile
- Managing Apps in Your Control Panel
- FAQ
Cloud Servers
Cloud Databases
Kubernetes
- Overview
- Create Clusters
- Connect to the Cluster
- Manage Clusters
- Load Balancing
- Cluster Autoscaling
- Working with Helm
- Creating Helm Charts
- Network Plugins
- Addons
- CSI S3 Integration
S3 Object Storage
- Overview
- Manage Storage
- Tools
- Use Cases
- Supported Features
VPC
Load Balancers
Firewall
Domains

Platform Guides

Account
Billing
- Overview
- Linking a Card

Updated on 26 November 2024

S3 access management features enable flexible configuration of access rules for various use cases. Below are some useful examples of S3 bucket policy configurations.

Restricting Access to HTTPS Only

To secure data transmission, you can restrict bucket access to HTTPS connections only. This prevents access attempts using unsecured HTTP requests, reducing the risk of data compromise.

Create a policy file named ssl.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<bucket_name>/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

Apply the policy using the following command:

aws s3api put-bucket-policy --bucket <bucket_name> --policy file://ssl.json --endpoint-url https://s3.hostman.com

Now, any HTTP requests will return a 403 error.

Restricting Access by IP Addresses

To enhance security, you can limit bucket access to specific IP addresses. This is useful for protecting data from unauthorized external access.

Create a policy file named ip.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<bucket_name>/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "<IP_address>"
                    ]
                }
            }
        }
    ]
}

Apply the policy using the following command:

aws s3api put-bucket-policy --bucket <bucket_name> --policy file://ip.json --endpoint-url https://s3.hostman.com

Granting Access to a Specific Prefix

If you need to provide access to specific objects in a bucket, such as files under a certain prefix, use the following policy. This is ideal for private buckets to allow access only to specific data.

Create a policy file named prefix.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket_name>/html/*"
        }
    ]
}

Apply the policy using the following command:

aws s3api put-bucket-policy --bucket <bucket_name> --policy file://prefix.json --endpoint-url https://s3.hostman.com

Now, all files under the /html prefix will be accessible for reading.

Was this page helpful?

Updated on 26 November 2024

Configuring Bucket Policies

Restricting Access to HTTPS Only

Restricting Access by IP Addresses

Granting Access to a Specific Prefix

Do you have questions, comments, or concerns?

Do you have questions,
comments, or concerns?