Question:
I have an S3 bucket that is being used to host a static website. This example shows a policy that grants everyone access to the objects in the specified bucket (i.e. making the website public):
|
1 2 3 4 5 6 7 8 9 10 11 |
{ "Version":"2012-10-17", "Statement":[{ "Sid":"PublicReadGetObject", "Effect":"Allow", "Principal": "*", "Action":["s3:GetObject"], "Resource":["arn:aws:s3:::example-bucket/*"] }] } |
However, I want to make the website accessible to only specific Amazon users. So following this documentation, I specify these users in Principal:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
{ "Version":"2012-10-17", "Statement":[{ "Sid":"PublicReadGetObject", "Effect":"Allow", "Principal": { "AWS": "arn:aws:iam::Account-ID:user/Dave" }, "Action":["s3:GetObject"], "Resource":["arn:aws:s3:::example-bucket/*"] }] } |
While this correctly enables permissions for who can access the resource via the S3 console, it results in a 403 for everybody trying to access the hosted website.
Is it possible to have user-level permissions restricting access to a hosted bucket?
Answer:
No, it is not possible to apply user-level permissions to a static web site bucket in S3. From Permissions Required for Website Access:
When you configure a bucket as a website, you must make the objects that you want to serve publicly readable.