Menu
AWS SDK for JavaScript
Developer Guide for SDK v2.153.0

Working with Amazon S3 Bucket Policies

JavaScript code example that applies to Node.js execution

This Node.js code example shows:

  • How to retrieve the bucket policy of an Amazon S3 bucket.

  • How to add or update the bucket policy of an Amazon S3 bucket.

  • How to delete the bucket policy of an Amazon S3 bucket.

The Scenario

In this example, a series of Node.js modules are used to retrieve, set, or delete a bucket policy on an Amazon S3 bucket. The Node.js modules use the SDK for JavaScript to configure policy for a selected Amazon S3 bucket using these methods of the Amazon S3 client class:

For more information about bucket policies for Amazon S3 buckets, see Using Bucket Policies and User Policies in the Amazon Simple Storage Service Developer Guide.

Prerequisite Tasks

To set up and run this example, you must first complete these tasks:

Configuring the SDK

Configure the SDK for JavaScript by creating a global configuration object then setting the region for your code. In this example, the region is set to us-west-2.

Copy
// Load the SDK for JavaScript var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'us-west-2'});

Retrieving the Current Bucket Policy

Create a Node.js module with the file name s3_getbucketpolicy.js. The module takes a single command-line argument that specifies the bucket whose policy you want. Make sure to configure the SDK as previously shown.

Create an AWS.S3 service object. The only parameter you need to pass is the name of the selected bucket when calling the getBucketPolicy method. If the bucket currently has a policy, that policy is returned by Amazon S3 in the data parameter passed to the callback function.

If the selected bucket has no policy, that information is returned to the callback function in the error parameter.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create S3 service object s3 = new AWS.S3({apiVersion: '2006-03-01'}); var bucketParams = {Bucket: process.argv[2]}; // call S3 to retrieve policy for selected bucket s3.getBucketPolicy(bucketParams, function(err, data) { if (err) { console.log("Error", err); } else if (data) { console.log("Success", data.Policy); } });

To run the example, type the following at the command line.

Copy
node s3_getbucketpolicy.js BUCKET_NAME

This sample code can be found here on GitHub.

Setting a Simple Bucket Policy

Create a Node.js module with the file name s3_setbucketpolicy.js. The module takes a single command-line argument that specifies the bucket whose policy you want to apply. Configure the SDK as previously shown.

Create an AWS.S3 service object. Bucket policies are specified in JSON. First, create a JSON object that contains all of the values to specify the policy except for the Resource value that identifies the bucket.

Format the Resource string required by the policy, incorporating the name of the selected bucket. Insert that string into the JSON object. Prepare the parameters for the putBucketPolicy method, including the name of the bucket and the JSON policy converted to a string value.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create S3 service object s3 = new AWS.S3({apiVersion: '2006-03-01'}); var readOnlyAnonUserPolicy = { Version: "2012-10-17", Statement: [ { Sid: "AddPerm", Effect: "Allow", Principal: "*", Action: [ "s3:GetObject" ], Resource: [ "" ] } ] }; // create selected bucket resource string for bucket policy var bucketResource = "arn:aws:s3:::" + process.argv[2] + "/*"; readOnlyAnonUserPolicy.Statement[0].Resource[0] = bucketResource; // convert policy JSON into string and assign into params var bucketPolicyParams = {Bucket: process.argv[2], Policy: JSON.stringify(readOnlyAnonUserPolicy)}; // set the new policy on the selected bucket s3.putBucketPolicy(bucketPolicyParams, function(err, data) { if (err) { // display error message console.log("Error", err); } else { console.log("Success", data); } });

To run the example, type the following at the command line.

Copy
node s3_setbucketpolicy.js BUCKET_NAME

This sample code can be found here on GitHub.

Deleting a Bucket Policy

Create a Node.js module with the file name s3_deletebucketpolicy.js. The module takes a single command-line argument that specifies the bucket whose policy you want to delete. Configure the SDK as previously shown.

Create an AWS.S3 service object. The only parameter you need to pass when calling the deleteBucketPolicy method is the name of the selected bucket.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create S3 service object s3 = new AWS.S3({apiVersion: '2006-03-01'}); var bucketParams = {Bucket: process.argv[2]}; // call S3 to delete policy for selected bucket s3.deleteBucketPolicy(bucketParams, function(error, data) { if (error) { console.log("Error", err); } else if (data) { console.log("Success", data); } });

To run the example, type the following at the command line.

Copy
node s3_deletebucketpolicy.js BUCKET_NAME

This sample code can be found here on GitHub.