| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Editing Bucket Permissions
Bucket permissions specify who is allowed access to the objects in a bucket and what permissions you have granted them. For example, one person might have only read permission while another might have read and write permissions.
To edit bucket permissions
Sign into the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3.
In the Buckets list, click the bucket whose properties you want to view.
Click Permissions, and then do any of the following:
To... Do this... Change an existing permission Beside the grantee whose permissions you want to change, select the check box for a permission to grant it, or clear the box to deny it. Add permissions for a person or group Click Add more permissions.
In Grantee box of the new line that appears, add the name of the person or group for which you want to set permissions. The name can be the email address associated with an AWS account, a canonical ID, or one of the predefined Amazon S3 groups. For a list of predefined Amazon S3 Groups, go to Who is a Grantee in the Amazon S3 Developer Guide. You can add as many as 100 grantees.
Select the check boxes next to the permissions you want to grant.
Remove a person or group from the permission list Click the "x" on the line of the grantee you want to remove.
Add a bucket policy Click Add bucket policy.
The Bucket Policy Editor appears.
Paste your bucket policy into the box provided.
For help in generating a policy, you can use the AWS Policy Generator. For examples of Amazon S3 bucket policies, see Example Cases for Amazon S3 Bucket Policies in the Amazon Simple Storage Service Developer Guide.
Click Save.
Add a Cross-Origin Resource Sharing (CORS) configuration Click Add CORS Configuration. In the CORS Configuration Editor, paste your CORS configuration into the field provided, and then click Save. For information about CORS configuration, see Enabling Cross-Origin Resource Sharing in the Amazon Simple Storage Service Developer Guide.
There are built-in groups that you can choose from the Grantee drop-down list box:
Authenticated Users – This group consists of any user that has an Amazon AWS Account.
Everyone – This group grants anonymous access to your bucket.
Log Delivery – This group grants write access to your bucket when the bucket is used to stored server access logs.
For more information about predefined Amazon S3 Groups, go to Who is a Grantee in the Amazon S3 Developer Guide.
You can grant access to an account by using the e-mail address that the user entered when signing up for an AWS account. You can grant an account any of the following permissions:
List – Allows the grantee to view a list of the objects in the bucket.
Upload/Delete – Allows the grantee to access the object when they logged in.
View Permissions – Allows the grantee to view the permissions associated with the object.
Edit Permissions – Allows the grantee to edit the permissions associated with the object.
Caution
We highly recommend against granting the Everyone group Upload/Delete permission. Doing so will allow anyone to store objects in your bucket, for which you will be billed, and allows others to delete objects that you may want to keep.
Click Save.
