I plan to add more of these over time but for starters, here are a few helpful bucket policies I use while hosting static websites on AWS S3.
ACCESS
Public Access
If you're building an Angular app or a single landing page, this is pretty much all you need.
    {
        "Version": "2012-10-17",
        "Id": "Policy1486443919047",
        "Statement": [
            {
                "Sid": "AllowPublicRead",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::www.mydomain.com/*"
            }
        ]
    }
Limited Public Access
Suppose you have multiple folders within an S3 bucket and you want to provide limited access to your media but not your logs. Here's a simple example.
    {
        "Version": "2012-10-17",
        "Id": "Policy1486443919047",
        "Statement": [
            {
                "Sid": "AllowPublicRead",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": [
                    "arn:aws:s3:::www.mydomain.com/podcasts/*",
                    "arn:aws:s3:::www.mydomain.com/images/*",
                    "arn:aws:s3:::www.mydomain.com/videos/*"
                ]
            },
            {
                "Sid": "DenyPublicRead",
                "Effect": "Deny",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": [
                    "arn:aws:s3:::www.mydomain.com/logs/*"
                ]
            }
        ]
    }
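A pre-upload check for a policy like the one above, added here as an example and not taken from the original post. It flags Resource ARNs that point outside the bucket and works out whether an anonymous s3:GetObject on a given key would be allowed. The function names and the sample keys are assumptions made for this example.

```python
import json
import re

BUCKET = "www.mydomain.com"  # bucket name used in the page's policies

# Constructed sample modelled on the limited-access policy; the videos ARN
# deliberately names a different bucket so the check has something to flag.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": "s3:GetObject",
   "Resource": ["arn:aws:s3:::www.mydomain.com/podcasts/*",
                "arn:aws:s3:::www.mydomain.com/images/*",
                "arn:aws:s3:::www.mydomain.com.fm/videos/*"]},
  {"Sid": "DenyPublicRead", "Effect": "Deny", "Principal": {"AWS": "*"},
   "Action": "s3:GetObject",
   "Resource": ["arn:aws:s3:::www.mydomain.com/logs/*"]}]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value):
    # Policy wildcards: * matches any run of characters, ? exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def is_everyone(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))

def foreign_resources(policy, bucket):
    """Resource ARNs that name neither `bucket` nor objects inside it."""
    own = f"arn:aws:s3:::{bucket}"
    return [arn for stmt in policy["Statement"] for arn in as_list(stmt["Resource"])
            if arn != own and not arn.startswith(own + "/")]

def anonymous_get_allowed(policy, bucket, key):
    """Simplified evaluation: explicit Deny wins, no matching Allow means deny.
    Conditions, Not* elements, ACLs and account-level settings are not modelled."""
    arn, allowed = f"arn:aws:s3:::{bucket}/{key}", False
    for stmt in policy["Statement"]:
        if (is_everyone(stmt["Principal"])
                and any(wildcard_match(a.lower(), "s3:getobject") for a in as_list(stmt["Action"]))
                and any(wildcard_match(r, arn) for r in as_list(stmt["Resource"]))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

For an anonymous reader, a key under logs/ and a key that no Allow statement covers (such as index.html) get the same answer; the explicit Deny matters because it also overrides an Allow granted elsewhere.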
SAFEGUARDS
Measures designed to keep someone or something from doing something undesirable.
Prevent your team from accidentally deleting a bucket website
If you're hosting a website on S3, you probably want to include this at the very minimum. This has saved my life many, many times.
This is also helpful when you're using an S3 bucket as a website redirect.
    {
        "Version": "2012-10-17",
        "Id": "Policy1486196939555",
        "Statement": [
            {
                "Sid": "Stmt1486196931891",
                "Effect": "Deny",
                "Principal": "*",
                "Action": [
                    "s3:DeleteBucket",
                    "s3:DeleteBucketWebsite"
                ],
                "Resource": "arn:aws:s3:::www.mydomain.com"
            }
        ]
    }