Learn about managing access to an S3 bucket using bucket policies in this video.
- [Instructor] Now that we have our bucket set up and ready to host our static web pages, we need to create a bucket policy that's going to allow web visitors to access the HTML file that we just loaded into it. Let's go to our console. This is our bucket, we'll go to Permissions here, I'll click on Bucket Policy. This is the Bucket Policy Editor. A Bucket Policy is a JSON document which we use to specify access restrictions on the objects stored in our bucket.
If we open up access to the world, our static website should work. Let's try that now. We'll go to our code editor, this file bucket_policy.json which you can find in the exercise files contains the bucket policy. This policy shows four main elements, Effect, which you can see here on line five, which is Allow, permitting access to our actions, Principal, on line six, in this case, Principal is everyone, Action, in this case, GetObject, permitting the Principal to read objects within the bucket and Resource where we specified our bucket ARN or Amazon Resource Name along with /* to be sure we can surf more than just one HTML file.
We're going to copy this document and go back to our console. We're going to paste the document and we're going to remove this from the resource and just copy the ARN of our bucket. Click Copy, Paste, remove this extra space here. We're going to click Save. As you can see, we get a warning that says Public.
You have provided public access to this bucket. That's okay because that's what we want. Let's go back to Properties and back to Static Website Hosting. We're going to retry our endpoint here and this time it should work. Great, this is the contents of our index.html file that we have in our bucket. We've proven this works now but let's go a different direction and start locking things down.
- Identity and Access Management security
- S3 security policies, encryption, and version control
- KMS encryption
- User authentication with Cognito