Writing into someone else's s3 bucket but no one can read it

Time:07-21

I am writing into someone else's s3 bucket but no one can read it. How do I make it so that the owner of the s3 bucket can read what I'm writing into the bucket? Is this something they would have to change on their end since they are the owner, or is this something I can change on my end?

I don't see the bucket on my Amazon S3 buckets list because I am not the owner. Therefore, I cannot change the permissions there (or can I change the settings on an invisible bucket?).

CodePudding user response:

When uploading to an Amazon S3 bucket that belongs to a different account, use ACL=bucket-owner-full-control. This will 'hand over' ownership of the object to the other account.

This is a very strange behaviour of Amazon S3 that they have now corrected by offering the ability to disable ACLs and enforce the Bucket owner. If the owner of the bucket configures this setting, then it will work as expected (without needing to specify the ACL on upload).

See: Controlling ownership of objects and disabling ACLs for your bucket - Amazon Simple Storage Service

CodePudding user response:

As John mentions, one option is to change the application side (e.g. your Python code) to add the required ACL (ACL=bucket-owner-full-control), granting the bucket owner permission to access the uploaded object.

Another option is to change the configuration at the bucket level by disabling access control lists (ACLs). In this way, the bucket owner will have permissions over any object uploaded to that bucket. Consider also that disabling ACLs is the way AWS recommends managing S3 object permissions. However, if you are currently managing permissions based on ACLs, be careful before disabling them because there are some prerequisites (e.g. migrating ACL permissions to the bucket policy).
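
Both options from the answers above, plus a check that the bucket owner can actually read an uploaded object, as an added Python example (not code from either answer). It assumes boto3 with configured credentials and that the uploader knows the bucket owner's canonical user ID; the helper names and the sample ACL responses are constructed for illustration.

```python
OWNER_ACL = "bucket-owner-full-control"

def upload_kwargs(bucket, key, body):
    """Uploader side: put_object arguments that grant the bucket owner full control."""
    return {"Bucket": bucket, "Key": key, "Body": body, "ACL": OWNER_ACL}

def ownership_kwargs(bucket):
    """Bucket-owner side: put_bucket_ownership_controls arguments that disable ACLs."""
    rules = [{"ObjectOwnership": "BucketOwnerEnforced"}]
    return {"Bucket": bucket, "OwnershipControls": {"Rules": rules}}

def bucket_owner_has_access(acl, bucket_owner_id):
    """True if a get_object_acl response lets the bucket owner read the object."""
    if acl["Owner"]["ID"] == bucket_owner_id:
        return True  # the bucket owner owns the object outright
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        if (grantee.get("Type") == "CanonicalUser"
                and grantee.get("ID") == bucket_owner_id
                and grant["Permission"] in ("FULL_CONTROL", "READ")):
            return True
    return False

def upload_and_verify(bucket, key, body, bucket_owner_id):
    """Upload with the ACL, then confirm the grant landed (needs s3:GetObjectAcl)."""
    import boto3  # imported here so the pure helpers above work without it
    s3 = boto3.client("s3")
    s3.put_object(**upload_kwargs(bucket, key, body))
    acl = s3.get_object_acl(Bucket=bucket, Key=key)
    return bucket_owner_has_access(acl, bucket_owner_id)

# Constructed canonical user IDs and get_object_acl responses (not real values).
UPLOADER_ID = "uploader-canonical-id-example"
OWNER_ID = "bucket-owner-canonical-id-example"

def _grant(user_id):
    return {"Grantee": {"Type": "CanonicalUser", "ID": user_id},
            "Permission": "FULL_CONTROL"}

# Cross-account upload with no ACL: only the uploader holds a grant.
ACL_DEFAULT = {"Owner": {"ID": UPLOADER_ID}, "Grants": [_grant(UPLOADER_ID)]}
# Same upload with ACL=bucket-owner-full-control: the bucket owner is granted too.
ACL_HANDED_OVER = {"Owner": {"ID": UPLOADER_ID},
                   "Grants": [_grant(UPLOADER_ID), _grant(OWNER_ID)]}

if __name__ == "__main__":
    print(bucket_owner_has_access(ACL_DEFAULT, OWNER_ID))      # unreadable by owner
    print(bucket_owner_has_access(ACL_HANDED_OVER, OWNER_ID))  # readable by owner
```

The bucket owner would pass `ownership_kwargs(...)` to `put_bucket_ownership_controls` from their own account; the uploader cannot apply that setting.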
