Amazon S3 Permission problem - How to set permissions for all files at once?

I have uploa开发者_StackOverflowded some files using the Amazon AWS management console.

I got an HTTP 403 Access denied error. I found out that I needed to set the permission to view.

How would I do that for all the files on the bucket?

I know that it is possible to set permission on each file, but it's time-consuming when having many files that need to be viewable for everyone.

---

I suggest that you apply a bucket policy¹ to the bucket where you want to store public content. This way you don't have to set ACL for every object. Here is an example of a policy that will make all the files in the bucket mybucket public.

{
    "Version": "2008-10-17",
    "Id": "http better policy",
    "Statement": [
        {
            "Sid": "readonly policy",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/sub/dirs/are/supported/*"
        }
    ]
}

That * in "Resource": "arn:aws:s3:::mybucket/sub/dirs/are/supported/*" allows recursion.

---

¹ Note that a Bucket Policy is different than an IAM Policy. (For one you will get an error if you try to include Principal in an IAM Policy.) The Bucket Policy can be edit by going the root of the bucket in your AWS web console and expanding Properties > Permissions. Subdirectories of a bucket also have Properties > Permissions, but there is no option to Edit bucket policy

---

You can select which directory you want it to be public.

Press on "more" and mark it as public; it will make the directory and all the files to be accessible as public.

---

You can only modify ACLs for a unique item (bucket or item), soy you will have to change them one by one.

Some S3 management applications allows you to apply the same ACL to all items in a bucket, but internally, it applies the ACL to each one by one.

If you upload your files programmatically, it's important to specify the ACL as you upload the file, so you don't have to modify it later. The problem of using an S3 management application (like Cloudberry, Transmit, ...) is that most of them uses the default ACL (private read only) when you upload each file.

---

I used Cloudberry Explorer to do the job :)

---

Using S3 Browser you can update permissions using the gui, also recursively. It's a useful tool and free for non-commercial use.

---

To make a bulk of files public, do the following:

1. Go to S3 web interface
2. Open the required bucket
3. Select the required files and folders by clicking the checkboxes at the left of the list
4. Click «More» button at the top of the list, click «Make public»
5. Confirm by clicking «Make public». The files won't have a public write access despite the warning says «...read this object, read and write permissions».

---

You could set ACL on each file using aws cli:

BUCKET_NAME=example
BUCKET_DIR=media
NEW_ACL=public-read

aws s3 ls $BUCKET_NAME/$BUCKET_DIR/ | \
awk '{$1=$2=$3=""; print $0}' | \
xargs -t -I _ \
aws s3api put-object-acl --acl $NEW_ACL --bucket $BUCKET_NAME --key "$BUCKET_DIR/_"

---

I had same problem while uploading the files through program (java) to s3 bucket ..

Error: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 403

I added the origin identity and changed the bucket policy and CORS configuration then everything worked fine.

---

Transmit 5

I wanted to add this here for potential macOS users that already have the beautifully-crafted FTP app called Transmit by Panic.

I already had Panic and it supports S3 buckets (not sure what version this came in but I think the upgrades were free). It also supports recursively updating Read and Write permissions.

You simply right click the directory you want to update and select the Read and Write permissions you want to set them to.

It doesn't seem terribly fast but you can open up the log file by going Window > Transcript so you at least know that it's doing something.

---

Use AWS policy generator to generate a policy which fits your need. The principal in the policy generator should be the IAM user/role which you'd be using for accessing the object(s). Resource ARN should be arn:aws:s3:::mybucket/sub/dirs/are/supported/*

Next, click on "Add statement" and follow through. You'll finally get a JSON representing the policy. Paste this in your s3 bucket policy management section which is at "your s3 bucket page in AWS -> permissions -> bucket policy".

---

This worked for me on digital ocean, which allegedly has the same API as s3:

s3cmd modify s3://[BUCKETNAME]/[DIRECTORY] --recursive --acl-public

The above sets all files to public.