0
0
AwsHow-ToBeginner · 3 min read

How to Set Bucket Policy in AWS S3: Simple Guide

To set a bucket policy in AWS S3, create a JSON policy document defining permissions and apply it to your bucket using the AWS Management Console, AWS CLI, or SDK. The policy controls who can access your bucket and what actions they can perform using PutBucketPolicy or the console's bucket permissions tab.
📐

Syntax

A bucket policy is a JSON document that defines permissions for your S3 bucket. It includes Version (policy language version), Statement (an array of permission rules), and inside each statement: Effect (Allow or Deny), Principal (who the rule applies to), Action (what actions are allowed or denied), and Resource (which bucket or objects the rule applies to).

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
💻

Example

This example policy allows anyone to read objects from the bucket named example-bucket. It uses the s3:GetObject action and applies to all objects inside the bucket.

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
Output
Policy applied successfully to bucket 'example-bucket'. Public read access granted for objects.
⚠️

Common Pitfalls

  • Not specifying the correct Resource ARN, which must include /* to cover all objects inside the bucket.
  • Using Principal as * without understanding it grants public access.
  • Forgetting to set the bucket policy after creating it.
  • Confusing bucket policies with IAM policies; bucket policies control bucket access, IAM policies control user permissions.
json
Wrong example (missing /* in Resource):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket"
    }
  ]
}

Right example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
📊

Quick Reference

Remember these key points when setting bucket policies:

  • Version: Always use "2012-10-17" for compatibility.
  • Effect: Use "Allow" to grant permissions, "Deny" to block.
  • Principal: Specify who can access; use "*" for everyone.
  • Action: Define allowed actions like s3:GetObject, s3:PutObject.
  • Resource: Use full ARN with /* for objects inside the bucket.

Key Takeaways

Bucket policies are JSON documents that control access to your S3 bucket and its objects.
Always include /* at the end of the Resource ARN to cover all objects inside the bucket.
Use Principal "*" carefully as it grants public access to your bucket.
Apply the policy using AWS Console, CLI, or SDK after creating it.
Bucket policies differ from IAM policies; they specifically control bucket-level permissions.

Related by keyword

Inline Policy vs Managed Policy in AWS: Key Differences and UsageIAMHow to Attach a Policy to an AWS Role: Simple StepsIAMHow to Create Custom IAM Policy in AWS: Simple GuideIAMHow to Create IAM Policy in AWS: Step-by-Step GuideIAMWhat is Trust Policy in AWS: Simple Explanation and ExampleIAM

Up next

What is Placement Group in EC2: Explanation and Use CasesAWS Spot Instance: What It Is and How It WorksHow to Create AWS Lambda Function: Simple StepsHow to Create AWS Lambda Layer: Step-by-Step Guide

More in S3

ACL vs Bucket Policy in S3: Key Differences and Usage GuideHow to Create an S3 Bucket in AWS: Simple StepsHow to Delete a File from AWS S3 Bucket EasilyHow to Delete an S3 Bucket in AWS: Simple Steps