Allowing S3 bucket to access itself

Time:12-22

I just want my S3 bucket to be able to access itself. For example, in my index.html there is a reference to a favicon, which resides in my S3 (the same, actually) bucket. When I call the index.html, I get a 403 HTTP ACCESS DENIED error.

If I put block all access off and I add a policy, it works, but I do not want the bucket to be public.

How am I able to invoke my website with my AWS user, for example, without making the site public (that is, with all internet access blocked)?

CodePudding user response:

Without knowing how your bucket is set up and what permissions / access controls you have already deployed, it is hard to give a definite answer.

Having said that, it sounds like you simply need to walk through the proper steps for building an appropriate permission model. You have already explored part of this with the block all access and a policy, but there are also ACLs and permission specifics based on object ownership that need to be considered.

Ultimately AWS's documentation is going to do a better job than most to illustrate what to do and where to start:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteAccessPermissionsReqd.html

NOTE: if you share more information about how the bucket is configured and how your client side is accessing the website, I can edit the answer to give a more prescriptive solution (assuming the AWS docs don't get you all the way there)

CodePudding user response:

You mention that "the websites in the bucket should be only be able to see by a few dedicated users, which i will create with IAM."

However, accessing Amazon S3 content with IAM credentials is not compatible with accessing objects via URLs in a web browser. IAM credentials can be used when making AWS API calls, but a different authentication method is required when accessing content via URLs. Authentication normally requires a back-end to perform the authentication steps, or you could use Amazon Cognito.

CodePudding user response:

"I just want my S3 bucket to be able to access itself."

No, the request always comes from the client.

"How am I able to invoke my website with my AWS user"

For site-level access control, there is CloudFront with signed cookies. You will still need some logic (apigw lambda? lambda on edge? other server?) to authenticate the user and sign the cookie.
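
The cookie-signing step the last answer mentions, as an added example that is not part of the original thread or any poster's code. It assumes your back-end has already authenticated the user; the function names, the distribution domain and the key pair ID passed in are hypothetical placeholders, and the RSA signer relies on the third-party `cryptography` package.

```python
import base64
import json
import time

# CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'
_CF_B64 = bytes.maketrans(b"+=/", b"-_~")


def cf_b64(raw: bytes) -> str:
    return base64.b64encode(raw).translate(_CF_B64).decode("ascii")


def build_policy(resource: str, expires_epoch: int) -> bytes:
    """Custom policy allowing `resource` until `expires_epoch` (Unix time)."""
    policy = {"Statement": [{
        "Resource": resource,
        "Condition": {"DateLessThan": {"AWS:EpochTime": expires_epoch}},
    }]}
    # CloudFront expects the policy JSON with all whitespace removed.
    return json.dumps(policy, separators=(",", ":")).encode("utf-8")


def rsa_sha1_signer(private_key_pem: bytes):
    """Return sign(bytes) -> bytes using RSA with SHA-1 (PKCS#1 v1.5)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda msg: key.sign(msg, padding.PKCS1v15(), hashes.SHA1())


def signed_cookies(resource, key_pair_id, sign, ttl_seconds=900, now=None):
    """The three cookies CloudFront checks when a custom policy is used."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    policy = build_policy(resource, expires)
    return {
        "CloudFront-Policy": cf_b64(policy),
        "CloudFront-Signature": cf_b64(sign(policy)),
        "CloudFront-Key-Pair-Id": key_pair_id,
    }


def set_cookie_headers(cookies, domain):
    """Set-Cookie values: sent over HTTPS only, hidden from page scripts."""
    return [f"{k}={v}; Domain={domain}; Path=/; Secure; HttpOnly; SameSite=Lax"
            for k, v in cookies.items()]
```

The bucket itself stays private in this setup; the short `ttl_seconds` bounds how long a copied cookie remains usable.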
