download free 30 days trial version buy bucket explorer
Documentation  Download  Purchase  Support  FAQs   Forum   ScreenShots & Demos

How to Set Bucket Policies on an Amazon S3 Bucket (PUT Bucket Policy)?

Set Bucket Policy using PUT Bucket policy


The Bucket owners can define Bucket Policies to specify permissions on the Bucket level or on the S3 Objects (Files) within the Amazon S3 Bucket . The Bucket owners add or replace Bucket Policies on the Bucket, by sending an HTTP PUT Request to the Amazon S3 Server. If the Bucket already has a policy set, the one in the request will replace it. To authenticate the request, you must be the Bucket owner. If not, Amazon S3 will return a 403 Access Denied error. If you have PutBucketPolicy permissions but you are not the owner of the Bucket, Amazon S3 will return a 405 Method Not Allowed.

 

You can send the HTTP PUT Request to AWS Server using one of the two following methods:

 

1) Set Bucket Policy using Amazon S3 API PUT Bucket - If you are a programmer, you can write a program to use the Amazon S3 REST API to set or replace Bucket Policy on a Bucket. You can refer to AWS documentation to get details on AWS supported SOAP APIs.

 

2) Set Bucket Policy using Bucket Explorer Interface- If you are not a programmer, you can simply use Bucket Explorer's user interface to set Bucket Policy without having to write any program.

Set Bucket Policy using Amazon REST API PUT Bucket


To set Bucket policy on a Bucket, you can request PUT Bucket policy. For that, you need to only use Request headers that are common to all operations. The body is a JSON string with the policy contents that contain the policy statements.

Syntax:


PUT /?policy HTTP/1.1
Host: Bucketname ;.s3.amazonaws.com
Date: date
Authorization: signatureValue
{
"Version":"2008-10-17",
"Id":"aaaa-bbbb-cccc-dddd",
"Statement" : [
{
"Effect":"Allow",
"Sid":"1",
"Principal" : {
"AWS":["1111-2222-3333","4444-5555-6666"]
},
"Action":["s3:GetObject*"],
"Resource":"arn:aws:s3:::mybucket/*"
}
]
}
 

Here, Id is unique string, under the Statement section - Sid is sub id for statement section, Effect has two valid values "Allow" or "Deny", Principal sub section determines on which this policy will apply - So mention here AWS accounts or "*" to apply for everyone. Action section is a collection of action which will apply on the resources mentioned in Resource section. Effect determines if this action is allowed or denied for the resources. The Resource value must include Bucket Name.

GET Bucket Policy using Amazon REST API


To get Bucket policy on a Bucket, you can request GET Bucket policy. For that, you need to only use Request headers that are common to all operations.

Syntax:


GET /?policy HTTP/1.1
Host: BucketName .s3.amazonaws.com
Date: date
Authorization: signatureValue
 

Set Bucket Policy using Bucket Explorer


Using Bucket Explorer, you can author policies, which either grant or deny access to any number of accounts and across a range or set of keys.

Follow the steps below to set Bucket Policy on Amazon S3 Bucket:
  1. Start Bucket Explorer and connect with your Amazon S3 Account.
  2. Select the Bucket on which you want to set Bucket policy.
  3. You can set Bucket policy by clicking on "Advance" >> "Bucket Policy" >> "Set" at Bucket toolbar.
  4. A window entitled "Bucket Policy" will open.
  5. You can add prefix or leave empty this field (if rule want to apply for the bucket)Bucket Explorer first checks if a bucket policy request has already been set on the bucket. If any policy is set, then this panel will show with the bucket policy.
  6. Write/paste "Bucket Policy" in the text area and click on "Set" button.
  7. It will display the message "Bucket Policy had been set successfully for Bucket:$ Bucket Name $" on screen.