riakriak-cs

Riak CS public ACL by default for new objects


Is it possible to make Riak CS apply ACL with public access by default upon new bucket or file in some bucket created? I mean I wanna put files for example using simply

s3cmd put file.jpg s3://my-bucket

And I'd like to have file.jpg in my-bucket to be public accessible.


Solution

  • Do you mean that "objects are anonymously readable" by "public access"? I will continue with the assumption that it is true.

    Because ACL is per bucket or per object, bucket policy will be more suitable for the use case. After creating the bucket my-bucket, one can set particular bucket policy through PUT Bucket Policy API [1].

    Example policy JSON to allow public access to the bucket is like this:

    {
        "Version": "2008-10-17",
        "Id": "Policy1355283297687",
        "Statement": [
            {
                "Sid": "Stmt1355283289",
                "Action": [
                    "s3:GetObject"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::my-bucket/*",
                "Principal": { "AWS": ["*"] }
            }
        ]
    }
    

    Then you can PUT it with proper URL as API doc [1] by any means, a simple way is to use s3cmd as

    s3cmd setpolicy </path/to/above/json/as/file> s3://my-bucket
    

    Then each object written under the bucket can be accessed by any user including anonymous one.

    Unfortunately there is no way to apply such bucket policy at creating bucket but, I hope, it's not difficult to write wrapper script to create bucket and apply policy to it.

    [1] http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTpolicy.html