I've been experimenting with various Amazon S3 publishing settings 🎉
Advance Preparation
- Amazon S3 bucket creation and file registration
Amazon S3 #001 - Creating a bucket
Amazon S3 #002 - File registration and download
File Publishing
This is how to publish a file in Amazon S3.
Click "Edit" in the section of "Block Public Access (Bucket Settings)" under the "Permissions" tab.
Uncheck "Block All Public Access."
Since the file will not be published only with these settings, click "Edit" for the bucket policy.
Configure the bucket policy → Click "Save Changes." This time, we grant permissions to retrieve objects from Amazon S3.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[Bucket Name]/*"
}
]
}
Make sure that the access permission is set to public.
The file will be displayed when you access the URL directly.
Publish the File Only to the Specified IP
This is a method to publish files only to specified IPs in Amazon S3.
Click "Edit" in the section of "Block Public Access (Bucket Settings)" under "Permissions" tab.
Uncheck "Block All Public Access".
The file will not be published only with these settings, so click "Edit" for the bucket policy.
Configure the bucket policy → Click "Save Changes." This time, we grant permissions to retrieve objects from Amazon S3 and access permissions for the specified IP.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[Bucket Name]/*"
},
{
"Sid": "IP",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[Bucket Name]/*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "[Allow IP]"
}
}
}
]
}
Make sure that the access permission is set to public; it will not be displayed publicly if IP restrictions are set.
If you access the URL directly from the IP you set, the file will be displayed. The file will not be displayed except for the specified IP.
Public Display of Files Only for Specified Period
This is a method to publish a file only for a specified period of time in Amazon S3.
Select the target file.
Click Object Action → Click "Share with signed URL".
Set the target period → Click "Create signed URL". Accessing the URL copied to the clipboard will confirm that the file will be displayed for the duration.
Static Website Hosting
A note on publishing with Amazon S3's static website hosting.
Upload a set of HTML and other files that you want to publish.
Click "Edit" in the section of "Block Public Access (Bucket Settings)" under the "Permissions" tab.
Uncheck "Block All Public Access."
This is not enough to make the file public, so click "Edit" under Bucket Policy.
Configure the bucket policy → Click "Save Changes". This time, we grant permissions to retrieve objects from Amazon S3.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[Bucket Name]/*"
}
]
}
Make sure that the access permissions are set to public.
Click "Edit" in the section of "Static Website Hosting" under "Permissions" tab.
Check "Enable", "Host Static Website", and Set Root HTML → Click "Save Changes".
Confirm that Static Website Hosting is now enabled; you will be issued a URL to access.
The WebSite you uploaded will be displayed.
It was great to recognize once again that it is possible to set various things with Amazon S3 alone. It is also possible to build it with AWS Amplify, ServerlessFramework, CloudFormation, etc., but it is also important to operate S3 from the AWS Management Console and review the basics 💡
In the next article, I would like to introduce another method that combines Amazon CloudFront.
Related Articles