Amazon S3 Bucket Policies. How to configure Amazon S3 Bucket Policies.
S3 Browser
Free Windows Client for Amazon S3 and Amazon CloudFront
 
Follow:
Share:

Working with Amazon S3 Buckets

Working with Amazon S3 Bucket Policies

Bucket Policies allow you to create conditional rules for managing access to your buckets and files. With bucket policies, you can also define security rules that apply to more than one file, including all files or a subset of files within a bucket. This makes updating and managing permissions easier!

To Edit Amazon S3 Bucket Policies:

1. Click Buckets, Edit Bucket Policy:

Bucket Policies. Edit Amazon S3 Bucket policies.

You can also use Ctrl+O keyboard shortcut to open Bucket Policies Editor.

The Bucket Policy Editor dialog will open:

amazon s3 bucket policies editor

Bucket Policies Editor allows you to Add, Edit and Delete Bucket Policies.

2. Enter valid Amazon S3 Bucket Policy and click Apply Bucket Policies.

See some Examples of S3 Bucket Policies below and Access Policy Language References for more details.

Examples of Amazon S3 Bucket Policies

How to grant public-read permission to anonymous users (i.e. to everyone)

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-brand-new-bucket/*"
      ]
    }
  ]
}

How to grant full access for the users from specific IP addresses.

{
  "Version": "2008-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.143.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "192.168.143.188/32"
        }
      }
    },
    {
      "Sid": "IPDeny",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.1.2.0/24"
        }
      }
    }
  ]
}

How to protect your amazon s3 files from hotlinking.

{
  "Version": "2008-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://yourwebsitename.com/*",
            "http://www.yourwebsitename.com/*"
          ]
        }
      }
    }
  ]
}

How to allow only specific IP to write to a bucket and everyone read from it.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.0.0/16"
        }
      }
    }
  ]
}

S3 Browser 12.2.1 Freeware
Powered by Amazon Web Services and Rated by CNET Editors!
Social Connection
S3 Client Logo
 
People like S3 Browser!
Our customers say

"S3 Browser is an invaluable tool to me as a web developer to easily manage my automated site backups" -Bob Kraft, Web Developer

"Just want to show my appreciation for a wonderful product. I use S3 Browser a lot, it is a great tool." -Gideon Kuijten, Pro User

"Thank You Thank You Thank You for this tool. A must have for anyone using S3!" -Brian Cummiskey, USA

Related Products
RdpGuard
protects your Windows Server from RDP Brute-force Attacks.
"Amazon Web Services", "AWS", "Amazon S3", "Amazon Simple Storage Service", "Amazon CloudFront", "CloudFront", the "Powered by Amazon Web Services" logo are trademarks of Amazon.com, Inc. or its affiliates in the US and/or other countries.
Copyright © 2008-2025 Netsdk Software FZE. All rights reserved.  Terms of Use.  Privacy Policy.  S3 Drive.  RDP brute-force protection.