We currently have an S3 bucket policy which makes everything public.
At the moment we a bucket "bucket1" and inside there are numbered sub folders for each entry numbers 01 upwards (e.g. 01, 02, 03) and inside that always a folder called "128".
What we want to do is make the files in the 128 folders always public.
So we'd need something to allow "bucket1/*/128" and everything else only be accessible with a time stamped signature.
Presuming this is possible but wouldn't know how to create the statement.
I've done it!
I was trying all kinds of long-winded over-thought methods to try and accomplish this including the little known "not resource" when all I needed to do was take the default "allow all" policy and apply it to my specified sub-folders!
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::BUCKETNAME/*/128/*"
}
]
}
Note: Edited the resource name.