File Permissions on S3

I have a bucket on S3 called xyz. Inside the bucket, I have an HTML file at 786/html/index.html and several images inside 786/html/images/. The owner has full control over the folders and files. I am using the AWS Ruby SDK to generate the URL for 786/html/index.html and the page works fine, but the images in 786/html/images are not showing in 786/html/index.html. This gives me the following error in the browser console:

Failed to load resource: the server responded with a status of 403 (Forbidden) 

Now I have allowed public read on 786/html/images. 786 and 786/html have owner-only permissions. Now 786/html/index.html is able to display the images, but the images are also available through their public URL. I am confused, since 786 and 786/html do not have public permissions. Still, the images are available.

A possible solution would be to add an AwsAccessKey and signature to each image referenced in index.html. But since we have several images, we must have a common signature.

Suggestions needed.

Thanks, Apuva Mayank

+7
amazon-s3 amazon-web-services
2 answers

S3 is object storage. It is not a hierarchical file system and does not actually have "folders".

Object keys can have prefixes that are delimited, by convention, with /.

This creates the illusion of folders, but it's not the same as an actual hierarchy. All object permissions are independent, subject to policies (which may also refer to a prefix).

But to say that "786 and 786/html do not have public permission" while "786/html/images" has public permission does not make sense in S3, since the objects "under" these "folders" are not actually associated with them.

Whatever you use to work with your bucket may create the impression that things are otherwise, or it may manipulate the permissions of the objects in the folder and create the impression that these permissions are inherited.

If you intend to make the HTML file visible only with a signed URL, or to make the images visible only within the page (and not loadable on their own), then your code will also have to fully qualify and sign the URLs for the embedded images (and for the file itself, if you want it to be private as well).

+3
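The signing approach described in the answer above, as an added example that is not part of the original answers or of the AWS SDK: each relative image reference in the page gets its own short-lived signed URL, so the objects can stay private. It implements SigV4 query-string signing with the Ruby standard library only; the helper names, the global endpoint host, the sample credentials and the 300-second expiry are assumptions.

```ruby
require 'openssl'
require 'cgi'

# SigV4 percent-encoding: everything except RFC 3986 unreserved characters.
def uri_escape(str)
  str.b.gsub(/[^A-Za-z0-9\-._~]/n) { |c| format('%%%02X', c.ord) }
end

def hmac(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data)
end

# Presigned GET URL for one object (assumes the global S3 endpoint host).
def presign_get(bucket:, key:, region:, access_key:, secret_key:, expires:, now: Time.now.utc)
  host  = "#{bucket}.s3.amazonaws.com"
  stamp = now.strftime('%Y%m%dT%H%M%SZ')
  day   = stamp[0, 8]
  scope = "#{day}/#{region}/s3/aws4_request"
  path  = '/' + key.split('/').map { |seg| uri_escape(seg) }.join('/')
  query = {
    'X-Amz-Algorithm'     => 'AWS4-HMAC-SHA256',
    'X-Amz-Credential'    => "#{access_key}/#{scope}",
    'X-Amz-Date'          => stamp,
    'X-Amz-Expires'       => expires.to_s,
    'X-Amz-SignedHeaders' => 'host'
  }.sort.map { |k, v| "#{uri_escape(k)}=#{uri_escape(v)}" }.join('&')
  # Canonical request: method, path, query, headers, blank line, signed headers, payload marker.
  canonical = ['GET', path, query, "host:#{host}", '', 'host', 'UNSIGNED-PAYLOAD'].join("\n")
  to_sign = ['AWS4-HMAC-SHA256', stamp, scope, OpenSSL::Digest::SHA256.hexdigest(canonical)].join("\n")
  # Derive the signing key: date -> region -> service -> "aws4_request".
  signing_key = [day, region, 's3', 'aws4_request'].reduce("AWS4#{secret_key}") { |k, part| hmac(k, part) }
  sig = hmac(signing_key, to_sign).unpack1('H*')
  "https://#{host}#{path}?#{query}&X-Amz-Signature=#{sig}"
end

# Rewrite relative <img src="..."> values to presigned URLs; absolute URLs are left alone.
def sign_images(html, prefix:, **s3)
  html.gsub(/(<img\b[^>]*?\bsrc=")([^":]+)"/i) do
    head, src = Regexp.last_match(1), Regexp.last_match(2)
    %(#{head}#{CGI.escapeHTML(presign_get(key: prefix + src, **s3))}")
  end
end

# Constructed sample: placeholder credentials; bucket and prefix are the ones from the question.
if __FILE__ == $PROGRAM_NAME
  page = '<img src="images/logo.png"><img src="https://example.com/x.png">'
  puts sign_images(page, prefix: '786/html/', bucket: 'xyz', region: 'us-east-1',
                   access_key: 'AKIAEXAMPLE', secret_key: 'EXAMPLE-SECRET', expires: 300)
end
```

The signature covers the object path, so there is no single signature shared by all images; each URL is signed separately and stops working once its expiry passes.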

When creating the image, add the following header:

x-amz-acl: public-read

Read more about ACL here:

http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl

Also, if you find that the Content-Type is wrong, this header will solve that:

Content-Type: image/jpeg

0