Created
October 6, 2012 01:27
AWS S3 bucket policy to make all files public (+CORS)
```xml
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Content-Type</AllowedHeader>
        <AllowedHeader>x-amz-acl</AllowedHeader>
        <AllowedHeader>origin</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
```
```json
{
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}
```
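An added example, not part of the gist: a small Python audit over the two documents above that reports which CORS rules accept any origin and which policy statements grant access to everyone with no condition. The function names and the "info"/"review" labels are assumptions made for this sketch.

```python
import json
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
WRITE_METHODS = {"PUT", "POST", "DELETE"}

# Both documents are copied from the gist above (whitespace condensed).
CORS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule><AllowedOrigin>*</AllowedOrigin><AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds><AllowedHeader>Authorization</AllowedHeader></CORSRule>
<CORSRule><AllowedOrigin>*</AllowedOrigin><AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds><AllowedHeader>Content-Type</AllowedHeader>
<AllowedHeader>x-amz-acl</AllowedHeader><AllowedHeader>origin</AllowedHeader></CORSRule>
</CORSConfiguration>"""
POLICY_JSON = """{"Statement": [{"Sid": "AllowPublicRead", "Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::your-bucket-name/*"}]}"""

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_cors(xml_text):
    """List rules that accept any origin; write methods are marked for review."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for n, rule in enumerate(root.findall("s3:CORSRule", NS), start=1):
        origins = [e.text for e in rule.findall("s3:AllowedOrigin", NS)]
        methods = sorted(e.text for e in rule.findall("s3:AllowedMethod", NS))
        if "*" in origins:
            # CORS only relaxes the browser's same-origin check; S3 still
            # authorizes each request, so a write rule is a review item.
            level = "review" if WRITE_METHODS & set(methods) else "info"
            findings.append((level, n, methods))
    return findings

def audit_policy(policy_text):
    """List Allow statements that grant access to everyone with no Condition."""
    findings = []
    for st in as_list(json.loads(policy_text).get("Statement", [])):
        principal = st.get("Principal")
        who = principal.get("AWS") if isinstance(principal, dict) else principal
        if st.get("Effect") == "Allow" and "*" in as_list(who) and "Condition" not in st:
            findings.append((st.get("Sid"), as_list(st["Action"]), as_list(st["Resource"])))
    return findings

if __name__ == "__main__":
    for finding in audit_cors(CORS_XML) + audit_policy(POLICY_JSON):
        print(finding)
```

Run against the gist's documents, it reports the GET rule as informational, the PUT rule for review, and the `AllowPublicRead` statement as a public grant on every object in the bucket.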
Can you confirm this still works? My OPTIONS request to s3 just freezes and nothing ever happens.
Nope?
@philfreo thanks for the helpful blog post and code examples.
@dangerfarms I just implemented this and had to make some minor changes. Specifically, Chrome was reporting a net::ERR_INSECURE_RESPONSE error on the OPTIONS call, because the certificate for https://<your bucket name>.s3.amazonaws.com isn't trusted.
To modify the code above, you could do something like

```python
# Path-style URL: the bucket name goes in the path instead of the hostname
url = 'https://s3.amazonaws.com/%s/%s' % (
    app.config['AWS_EMAIL_ATTACHMENTS_BUCKET_NAME'],
    object_name
)
```

This has the same effect -- use this URL both as the returned value for 'url' as well as in your signed request.
@philfreo THANK YOU! 👍
http://philfreo.com/blog/how-to-allow-direct-file-uploads-from-javascript-to-amazon-s3-signed-by-python/