Bucket policy for friendly file exchange on Amazon S3
We sometimes need to exchange huge files with our customers and partners (too big to fit within the typical storage limits of Basecamp, or the free tier on Google Drive, Dropbox, etc). There are now many user-friendly client apps for Amazon S3. I like Cyberduck. Combined with AWS's flexible policy system, setting up a transfer bucket is a snap.
We sometimes need to exchange huge files with our customers and partners (too big to fit within the typical storage limits of Basecamp, or the free tier on Google Drive, Dropbox, etc).
There are now many user-friendly FTP-like apps for Amazon S3. I like Cyberduck. Combined with AWS's flexible policy system, setting up a transfer bucket is a snap.
The benefits include:
- Low cost
- Maintainance-free
- Good security; clickable URLs with time-limited access tokens
- Lifecycle rules to automatically archive / delete old files
- Files up to 5 terabytes
Most of the steps needed are intuitive within the AWS web console. The key is understanding the policy documents, which are JSON objects that declare the security rules for AWS resources. This is the policy I use for allowing read/write access. Replace "examplebucket" with your bucket name.
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::examplebucket",
"arn:aws:s3:::examplebucket/*"
]
}
]
}
Setup steps
- Create an S3 bucket
- Create an IAM group (Identity and Access Management) with your policy document
- Create IAM user(s), taking care to save the access credentials
- Add your new user(s) to the group
Now that you have done the hard work, your peers will be able to send and receive huge files with drag-n-drop simplicity.