I am setting an object with a public-read-write ACL with the following code in Python:

import boto3

s3 = boto3.resource('s3')  # bucket and key are set elsewhere
o = s3.Object(bucket, key)
o.Acl().put(ACL='public-read-write')

I can now access the object at https://hostname/tenant:bucket/key publicly.

Is it possible for an anonymous user to upload something to this object?

2


1
skzi On

You need to check other S3 settings. For example, you need to disable "S3 Block Public Access", since Block Public Access will take precedence. Also, you need to check the bucket policy to allow access. Please note, it's a good idea to use pre-signed URLs.

0
rkj On

It can be done by setting a policy for the specific object with something like:

import json
import boto3

# One statement per grant. This is a plain list of statements; it is wrapped
# into a full policy document (with "Version") further down, so the list must
# not carry its own "Statement"/"Version" keys.
public_read_write_statements = [
    {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": [
            "s3:GetBucketLocation",
            "s3:ListBucketMultipartUploads"
        ],
        "Resource": ["arn:aws:s3:::BUCKET_NAME"]
    },
    {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": ["s3:ListBucket"],
        # Only the listing of this one key is opened up, not the whole bucket.
        "Condition": {
            "StringEquals": {
                "s3:prefix": ["OBJECT_NAME"]
            }
        },
        "Resource": ["arn:aws:s3:::BUCKET_NAME"]
    },
    {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": [
            "s3:AbortMultipartUpload",
            "s3:DeleteObject",
            "s3:GetObject",
            "s3:ListMultipartUploadParts",
            "s3:PutObject"
        ],
        # Read/write is granted on the single object ARN, not the bucket.
        "Resource": ["arn:aws:s3:::BUCKET_NAME/OBJECT_NAME"]
    }
]

try:
    s3 = boto3.client('s3',
        aws_access_key_id='ACCESS_KEY',
        aws_secret_access_key='SECRET_KEY',
        endpoint_url="S3_ENDPOINT",
        use_ssl=False,
        verify=False,
    )

    policy = {
        "Version": "2012-10-17",
        "Statement": public_read_write_statements
    }

    s3.put_bucket_policy(Bucket='BUCKET_NAME', Policy=json.dumps(policy))
except Exception as e:
    print(e)
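To check both mechanisms discussed in this thread together, the object ACL from the question and the bucket policy from this answer, here is an added audit helper (not code from the thread) that flags anonymous write grants in either document and factors in the AWS S3 Block Public Access settings skzi mentions. The input documents are constructed samples; WRITE_ACTIONS, the function names and the PublicAccessBlockConfiguration semantics used here are the example's own assumptions (on a non-AWS S3-compatible endpoint like the one in the question, pass an empty dict for the Block Public Access settings).

```python
"""Audit helpers for anonymous (Principal "*" / AllUsers) write access on S3.
Added example, not code from the thread. All input documents are constructed."""
import fnmatch

# Actions that let an anonymous caller create, overwrite or delete data (assumed set).
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject",
                 "s3:AbortMultipartUpload", "s3:PutObjectAcl"}
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def anonymous_write_statements(policy):
    """Return the Allow statements that grant a write action to everyone.
    Action patterns such as "s3:*" or "s3:Put*" are matched case-insensitively."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        granted = sorted(a for a in WRITE_ACTIONS
                         if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if granted:
            findings.append({"index": index, "sid": stmt.get("Sid", ""),
                             "actions": granted,
                             "resources": _as_list(stmt.get("Resource"))})
    return findings


def anonymous_acl_write(acl):
    """True if a get_bucket_acl / get_object_acl response grants a write-class
    permission to the AllUsers group. S3 documents WRITE as applicable to bucket
    ACLs only, so an object ACL by itself is not where an upload grant lives."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS
                and grant.get("Permission") in ("WRITE", "WRITE_ACP", "FULL_CONTROL")):
            return True
    return False


def anonymous_write_possible(policy, acl, public_access_block):
    """Combine both grant paths with AWS S3 Block Public Access. Assumed semantics:
    RestrictPublicBuckets neutralises public policy grants, IgnorePublicAcls
    neutralises public ACL grants. Pass {} for a store without this feature."""
    via_policy = (bool(anonymous_write_statements(policy))
                  and not public_access_block.get("RestrictPublicBuckets", False))
    via_acl = (anonymous_acl_write(acl)
               and not public_access_block.get("IgnorePublicAcls", False))
    return via_policy or via_acl


# Constructed sample in the shape of this answer's policy: one read-only
# bucket-level statement and one read/write statement on a single object.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "", "Effect": "Allow", "Principal": {"AWS": ["*"]},
         "Action": ["s3:GetBucketLocation", "s3:ListBucketMultipartUploads"],
         "Resource": ["arn:aws:s3:::BUCKET_NAME"]},
        {"Sid": "", "Effect": "Allow", "Principal": {"AWS": ["*"]},
         "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject",
                    "s3:ListMultipartUploadParts", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::BUCKET_NAME/OBJECT_NAME"]},
    ],
}

# Constructed sample object ACL: owner has FULL_CONTROL, AllUsers has READ only.
SAMPLE_OBJECT_ACL = {
    "Owner": {"ID": "OWNER_ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER_ID"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for f in anonymous_write_statements(SAMPLE_POLICY):
        print("statement", f["index"], "grants", f["actions"], "to everyone on", f["resources"])
    print("anonymous upload possible:",
          anonymous_write_possible(SAMPLE_POLICY, SAMPLE_OBJECT_ACL, {}))
```

Run against real buckets by feeding it the dicts returned by boto3's get_bucket_policy (after json.loads), get_bucket_acl / get_object_acl and get_public_access_block; the second statement of the sample policy is exactly the kind of grant that answers the question with "yes, anyone can upload and delete that key".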