Provide access to AWS S3 without authentication
Share files within Organization or with Peers
You may find yourself in a situation where your on-prem server may require access to files in your s3 bucket or by your peer organization which are not in AWS. You may also have multiple aws accounts and you keep a central repository to be used by others.
Creating and maintaining AWS IAM credentials and rotating it require operational overhead. Using bucket policy we can overcome the issue. I will outline below three solutions to the problem.
1. Restrict access via public IP: replace 1.2.3.4 with your public IP.
You can now use curl to fetch the object without any credentials, e.g.
curl https://s3-ap-southeast-2.amazonaws.com/your-bucket/test.zip
2. Restrict access via Organization ID: to allow access from other accounts in your organization, we used to list principal ARNs like the one below, which is not only error prone but also requires modifying the policy for every new user.
"Principal": { "AWS": [ "arn:aws:iam::094697565664:user/Bob" ] }
Although you could use a principal like the one below for all users in that account, you still need to add every other account, and where there are hundreds of…
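The two bucket policies from items 1 and 2, as an added example that is not code from the article: the Python below builds the source-IP variant and the organization-ID variant and includes a small evaluator for just those two condition operators, so you can check which requests each policy would admit before deploying it. The bucket name, CIDR and organization ID are placeholder values, and the evaluator is a simplification of IAM, not a full policy engine.

```python
import ipaddress

# Constructed placeholder values; substitute your own bucket, CIDR and org ID.
BUCKET = "your-bucket"
OFFICE_CIDR = "1.2.3.4/32"
ORG_ID = "o-exampleorgid"


def ip_restricted_policy(bucket: str, cidr: str) -> dict:
    """Anonymous read of objects, allowed only from the given source CIDR.
    Principal "*" is what lets an unsigned curl request succeed; note that
    S3 Block Public Access rejects such a policy unless BlockPublicPolicy is off,
    and everyone behind that IP (a shared NAT, for example) gets the same access."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowReadFromOfficeIp",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": cidr}},
        }],
    }


def org_restricted_policy(bucket: str, org_id: str) -> dict:
    """Read access for every IAM principal in the organization, with no list of
    accounts or users to maintain. Requests must still be signed: an anonymous
    caller carries no aws:PrincipalOrgID, so this condition never matches for it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowReadFromOrg",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def evaluate(policy: dict, ctx: dict) -> bool:
    """Allow if any Allow statement's conditions all hold for the request context.
    Only IpAddress and StringEquals are modelled; anything else fails closed."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        ok = True
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, expected in pairs.items():
                actual = ctx.get(key)  # missing key means the condition cannot match
                if operator == "IpAddress" and actual is not None:
                    ok &= ipaddress.ip_address(actual) in ipaddress.ip_network(expected)
                elif operator == "StringEquals":
                    ok &= actual == expected
                else:
                    ok = False
        if ok:
            return True
    return False
```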