S3 默认 public ACL fot 对象

Question

有什么方法可以 upload/update s3 中的对象，默认 public - 读取 ACL？

我知道我们有 f.e

aws s3 cp /path/to/file s3://sample_bucket --acl public-read

但是这里我们只能指定一个对象，实际上如果我再次上传相同的文件是行不通的

Answer 1

来自Bucket policy examples - Amazon Simple Storage Service：

The following example policy grants the s3:GetObject permission to any public anonymous users. This permission allows anyone to read the object data, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket. Before you use a bucket policy to grant read-only permission to an anonymous user, you must disable block public access settings for your bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET-NAME/*"
            ]
        }
    ]
}

请注意，这是添加到 存储桶 的 存储桶策略 ，而不是 IAM 用户。

在您上面的评论中，您提供了此政策：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "S3:*",
            ],
            "Sid": "",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

此策略没有 Principal，这让我认为您试图将其添加到 IAM 用户而不是存储桶。

S3 默认 public ACL fot 对象

S3 default public ACL fot object

acl

amazon-s3

amazon-web-services