Amazon S3 - How to Add a Private Subfolder in a Public Bucket

Amazon S3 - How to Add a Private Subfolder in a Public Bucket

AWSS3

Amazon S3 - How to Add a Private Subfolder in a Public Bucket

In this example, we had a policy that looked like this, which allowed all folders within the bucket to be public.:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}

Within our bucket, we want to add a private folder.  Add your private folder, then edit your main bucket policy to allow access to everything except your private folder and any files within it.

{
    "Version": "2008-10-17",
    "Statement": [
            {
            "Sid": "AllowAccessToAllExceptPrivate",
              "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion"
              ],
              "Effect": "Allow",
              "NotResource": [
                "arn:aws:s3:::bucket-name/private/*",
                "arn:aws:s3:::bucket-name/private"
              ],
              "Principal": {
                "AWS": [
                  "*"
                ]
            }
        }
    ]
}

Additional resources: StackOverflow

Share this Post

Author

Avatar for mike knebel

mike knebel

Software Developer - Websites, Mobile Apps. Owner of Logistics Logic, 307WEB and 405Software
@mknebel   MikeKnebel