How to secure an AWS S3 bucket using a AWS Bucket policy [Solved]

Story Highlights
  • Knowledge is power
  • The Future Of Possible
  • Hibs and Ross County fans on final
  • Tip of the day: That man again
  • Hibs and Ross County fans on final
  • Spieth in danger of missing cut

This article will walk you thru on how to secure an AWS S3 bucket using a bucket policy – security is a key in the cloud and when resources are publicly facing. S3 bucket can become a static site and if you want users to connect only using secure channels like HTTPS then there are two ways you can do this –

  1. You can hide/secure the S3 bucket using cloudfront
  2. You can also put a bucket policy that will only allow users who are using secure protocol like “HTTPS”

Cloudfront is service and there is a cost associated with it,so lets look at how we can do this using the free method

First step is create a bucket and upload some sort for file or picture for testing

login to the AWS console, Go to S3  services and create a new bucket

Name the bucket to according to your requirements – please note the buckets names are unique and you can not use the name that is already used by  someone else and it does not have to be your account – for example if you call the bucket “test” it will not let you use it. Click next to the go the second screen


You can see that you set permission on an IAM level which is more granular than the bucket policy – bucket policy can only be applied to the top bucket and does not apply to the objects –   we will need make the bucket public so any anonymous user should be able to access it

Click on the create bucket to create the bucket

Now lets upload a picture and make the bucket object public – click on Add files to upload the files to the bucket

You can see the download.jpg was uploaded which is just a picture that I downloaded from the internet 🙂

In the drop down menu – choose grant public access and this will make the file that you are uploading public access by adding a URL

you also get the option to choose what kind of security you need and the storage class you want – I have chosen Reduced redundancy for testing purposes since this is cheapest

once you click on the uploaded picture – it will provide you the URL you can click or paste in the browser to get access to the object


below is an example of insecure access by just using HTTP on TCP port 80

Now that we know we can access the site by using the browser – we need to secure this by using the bucket policy

Below  is the policy that needs to be applied on the bucket – the policy species a condition that if the transport protocol is not secure then deny access

Now lets try to access over http again and see if the bucket accessible and you can see that the access was denied – I hope this article is useful



Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button