Allowing public access to files in an AWS S3 Bucket folder

I have been doing a lot of screencasts lately for my clients! Even for the most simplest cases it's much better to demonstrate with a video. That's good!

However, the process of sharing videos is pretty painful. Dropbox is painful. Box.net is painful.

I prefer a very simplistic solution using Amazon s3.

I faced the following problem. I do not want to create a separate bucket public read facility, specific to these videos in a different bucket. Folder organization is pretty useful and reduces clutter.

I like to use my client's bucket. Create a shared folder, and give permissions for reading objects to public users. Again, allow READ access to files in a particular folder in a particular bucket!

Doing this with s3 proved suprisingly simple!

The following bucket policy does the job perfectly!

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowGetObjectBlog",
            "Principal": {
                "AWS": "*"
            },
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET/YOUR_FOLDER/*"
        }
    ]
}

Tips for uploading files

Uploading files to s3 using s3cmd, s4cmd or using Cyberduck is a breeze! And is a lot of fun ;-).

Security

A point to note is that the files that can be accessed via the HTTPS URL once shared will be shareable accessible to anyone in this public configuration.

There's no pre signing involved, there is no authorization involved, etc. Once you share the complete URL, it's accessible to anyone.

That's totally cool to me, because the information that I'm sharing isn't particularly sensitive. ;-)

Sharing URL

For sharing the HTTPS URLs for a file, Cyberduck is really cool with a shiny neat UI and easy click and share functionality!

House Keeping

As a practice, which I'll cover later. I look at the files that have been accessed and the frequency of access and create a micro-service to periodically cleanup my shared s3 folder. I'll set it up as cron to perform the continuous process to keep deleting the files that are no longer relevant.