Bucket policy for friendly file exchange on Amazon S3

Written by Metal Toad Staff | Sep 12, 2013 12:00:00 AM

We sometimes need to exchange huge files with our customers and partners (too big to fit within the typical storage limits of Basecamp, or the free tier on Google Drive, Dropbox, etc.).

There are now many user-friendly FTP-like apps for Amazon S3. I like Cyberduck. Combined with AWS's flexible policy system, setting up a transfer bucket is a snap.

The benefits include:

  • Low cost
  • Maintenance-free
  • Good security; clickable URLs with time-limited access tokens
  • Lifecycle rules to automatically archive / delete old files
  • Files up to 5 terabytes

Most of the steps needed are intuitive within the AWS web console. The key is understanding the policy documents, which are JSON objects that declare the security rules for AWS resources. This is the policy I use for allowing read/write access. Replace "examplebucket" with your bucket name.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:ListBucket",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:GetBucketAcl"
      ],
      "Resource": [
        "arn:aws:s3:::examplebucket",
        "arn:aws:s3:::examplebucket/*"
      ]
    }
  ]
}
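
A scope check for policies like the one above, added here as an example (it is not code from the original post). The grouping of actions by resource type and the function names are assumptions of this example, and it covers only the actions that appear in the page's policy.

```python
# Actions from the page's policy, grouped by hand by the resource type S3 checks them against.
BUCKET = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketAcl"}
OBJECT = {"s3:PutObject", "s3:GetObject", "s3:GetObjectAcl",
          "s3:GetObjectVersion", "s3:DeleteObject", "s3:DeleteObjectVersion"}
ACCOUNT = {"s3:ListAllMyBuckets"}  # lists every bucket; not tied to one bucket ARN

# The page's policy, rebuilt from the sets above (same actions and resources).
PAGE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": sorted(BUCKET | OBJECT | ACCOUNT),
    "Resource": ["arn:aws:s3:::examplebucket", "arn:aws:s3:::examplebucket/*"],
}]}

def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return list(value) if isinstance(value, list) else [value]

def kind(resource, bucket):
    """Classify one Resource entry relative to the transfer bucket."""
    arn = "arn:aws:s3:::" + bucket
    if resource == arn:
        return "bucket"
    if resource.startswith(arn + "/"):
        return "object"  # the whole bucket's keys or a key prefix inside it
    if resource in ("*", "arn:aws:s3:::*"):
        return "account"
    return "foreign"  # another bucket, a bucket-name wildcard, or a non-S3 ARN

def review_policy(policy, bucket):
    """Return (statement index, finding, item) tuples; empty means tightly scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        kinds = {kind(r, bucket) for r in resources}
        findings += [(i, "beyond-bucket", r) for r in resources
                     if kind(r, bucket) in ("account", "foreign")]
        for action in as_list(stmt.get("Action", [])):
            need = ("bucket" if action in BUCKET else "object" if action in OBJECT
                    else "account" if action in ACCOUNT else None)
            if "*" in action:
                findings.append((i, "wildcard-action", action))
            elif need is None:
                findings.append((i, "unlisted-action", action))
            elif need not in kinds:
                findings.append((i, "no-effect", action))
    return findings
```

Calling `review_policy(PAGE_POLICY, "examplebucket")` reports one entry, for `s3:ListAllMyBuckets`: that action is not evaluated against a single bucket, so neither listed ARN matches it.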

Setup steps

  1. Create an S3 bucket
  2. Create an IAM group (Identity and Access Management) with your policy document
  3. Create IAM user(s), taking care to save the access credentials
  4. Add your new user(s) to the group

Now that you have done the hard work, your peers will be able to send and receive huge files with drag-n-drop simplicity.