Bucket policy for friendly file exchange on Amazon S3

We sometimes need to exchange huge files with our customers and partners (too big to fit within the typical storage limits of Basecamp, or the free tier on Google Drive, Dropbox, etc.).

There are now many user-friendly FTP-like apps for Amazon S3. I like Cyberduck. Combined with AWS's flexible policy system, setting up a transfer bucket is a snap.

The benefits include:

  • Low cost
  • Maintenance-free
  • Good security; clickable URLs with time-limited access tokens
  • Lifecycle rules to automatically archive / delete old files
  • Files up to 5 terabytes

Most of the steps needed are intuitive within the AWS web console. The key is understanding the policy documents, which are JSON objects that declare the security rules for AWS resources. This is the policy I use for allowing read/write access. Replace "examplebucket" with your bucket name.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:ListBucket",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:GetBucketAcl"
      ],
      "Resource": [
        "arn:aws:s3:::examplebucket",
        "arn:aws:s3:::examplebucket/*"
      ]
    }
  ]
}
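
The following added example, which is not part of the original post, audits the policy above: it pairs each action with the resource level S3 evaluates it against (object ARN, bucket ARN, or "*" only) and reports actions that have no matching resource, plus any resource that reaches outside the bucket. The LEVEL table and the function names are assumptions made for the example.

```python
# Added example: which grants in the page's policy can actually take effect.
# LEVEL follows S3's action/resource model; all names here are hypothetical.
OBJECT, BUCKET, ACCOUNT = "object", "bucket", "account"
LEVEL = {
    "s3:PutObject": OBJECT, "s3:GetObject": OBJECT, "s3:GetObjectAcl": OBJECT,
    "s3:GetObjectVersion": OBJECT, "s3:DeleteObject": OBJECT,
    "s3:DeleteObjectVersion": OBJECT,
    "s3:ListBucket": BUCKET, "s3:GetBucketLocation": BUCKET,
    "s3:GetBucketAcl": BUCKET,
    "s3:ListAllMyBuckets": ACCOUNT,  # only evaluated against "*"
}

# The policy from this page, copied here as sample input.
POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": list(LEVEL),
    "Resource": ["arn:aws:s3:::examplebucket", "arn:aws:s3:::examplebucket/*"],
}]}

def as_list(value):
    """IAM accepts a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)

def resource_levels(arn):
    """Levels of action that an S3 resource pattern can apply to."""
    if arn in ("*", "arn:aws:s3:::*"):
        return {OBJECT, BUCKET, ACCOUNT}
    return {OBJECT} if "/" in arn.split(":::", 1)[-1] else {BUCKET}

def audit(policy, bucket):
    """Return (effective grants, unmatched actions, resources outside bucket).
    Actions missing from LEVEL (wildcards included) land in unmatched for review."""
    effective, unmatched, outside = [], [], []
    prefix = f"arn:aws:s3:::{bucket}"
    stmts = policy["Statement"]
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt["Resource"])
        outside += [r for r in resources
                    if r != prefix and not r.startswith(prefix + "/")]
        for action in as_list(stmt["Action"]):
            hits = [r for r in resources if LEVEL.get(action) in resource_levels(r)]
            effective += [(action, r) for r in hits]
            if not hits:
                unmatched.append(action)
    return effective, unmatched, outside

if __name__ == "__main__":
    print(audit(POLICY, "examplebucket")[1:])
```

Run against the policy above, it reports s3:ListAllMyBuckets as unmatched and no resources outside the bucket. Because that action is only evaluated against "Resource": "*", users of this policy cannot list the account's buckets and the client has to be pointed at the bucket by name.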

Setup steps

  1. Create an S3 bucket
  2. Create an IAM (Identity and Access Management) group with your policy document
  3. Create IAM user(s), taking care to save the access credentials
  4. Add your new user(s) to the group

Now that you have done the hard work, your peers will be able to send and receive huge files with drag-n-drop simplicity.

Comments

Nice, Dylan! I can't tell you how many times we've needed to swap files with a customer and inevitably gotten to the "so who wants to set up the FTP site?" How nice to have a more civilized option other than Dropbox!
