
My s3 storage settings look like this:

Permissions > Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*"
        }
    ]
}

every object is public.

I have 3 folders, and would like to add a new folder which is private. How would I ensure it is private?

1 Answer


You have to use an option called NotResource.

The NotResource element lets you grant or deny access to all but a few
of your resources, by allowing you to specify only those resources to
which your policy should not be applied.

So instead of Resource, you should use NotResource. With this, your bucket policy should be:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicReadWithPrivateFolder",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "NotResource": "arn:aws:s3:::bucket/your_private_folder_path/*"
        }
    ]
}

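As an added example (not code from the question or the answer), a small Python evaluator of the two bucket policies above, showing that under the NotResource variant an anonymous GetObject on the excluded folder is no longer allowed while everything else stays public. The bucket name is the question's `my-bucket`; the folder name `private` and the object keys are constructed.

```python
import re

# Constructed policies modelled on the question (everything public) and the
# answer (everything public except one folder). Folder name is an assumption.
PUBLIC_ALL = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowPublicRead", "Effect": "Allow",
                   "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::my-bucket/*"}],
}
PUBLIC_EXCEPT_PRIVATE = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowPublicReadWithPrivateFolder", "Effect": "Allow",
                   "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
                   "NotResource": "arn:aws:s3:::my-bucket/private/*"}],
}

def as_list(value):
    """IAM lets most elements be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def iam_match(pattern, value):
    """IAM wildcard matching: '*' spans any characters (slashes included), '?' one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def statement_targets(stmt, action, arn):
    """True if the statement's Action and Resource/NotResource cover this request."""
    if not any(iam_match(a, action) for a in as_list(stmt["Action"])):
        return False
    if "Resource" in stmt:
        return any(iam_match(r, arn) for r in as_list(stmt["Resource"]))
    # NotResource: the statement applies to every ARN EXCEPT the listed ones.
    return not any(iam_match(r, arn) for r in as_list(stmt["NotResource"]))

def is_anonymous_principal(principal):
    """Statements that reach unauthenticated callers use Principal "*" or {"AWS": "*"}."""
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def anonymous_can_read(policy, bucket, key):
    """Would an unauthenticated GET of s3://bucket/key be allowed by this policy?
    An explicit Deny wins over any Allow; with no matching Allow the default is deny."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for stmt in policy["Statement"]:
        if not is_anonymous_principal(stmt["Principal"]):
            continue
        if not statement_targets(stmt, "s3:GetObject", arn):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

Note that NotResource only excludes keys under the exact prefix given: an object named `private` with no trailing slash, or a folder named `private2`, is not covered and stays public.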