1
00:00:00,330 --> 00:00:03,450
So, let's go ahead and make a bucket policy

2
00:00:03,450 --> 00:00:07,950
so that we can access this coffee file from the public URL.

3
00:00:07,950 --> 00:00:11,040
So to do so, let's go under the Permissions tab.

4
00:00:11,040 --> 00:00:14,550
And the first thing we have to do is to allow public access

5
00:00:14,550 --> 00:00:15,540
from the bucket setting

6
00:00:15,540 --> 00:00:17,820
because right now, everything is blocked.

7
00:00:17,820 --> 00:00:20,850
So we edit this, and we're going to untick this,

8
00:00:20,850 --> 00:00:23,970
and therefore, we will allow public access.

9
00:00:23,970 --> 00:00:26,310
But again, this is something you would disable only

10
00:00:26,310 --> 00:00:30,540
and only if you know you want to set a public bucket policy.

11
00:00:30,540 --> 00:00:31,800
So this is a dangerous action.

12
00:00:31,800 --> 00:00:33,870
So we say yes because, of course,

13
00:00:33,870 --> 00:00:37,110
if you set data, real data of your company

14
00:00:37,110 --> 00:00:39,060
on an S3 bucket and you make this public,

15
00:00:39,060 --> 00:00:41,580
you have data leaks, and that can never be good.

16
00:00:41,580 --> 00:00:42,960
So now, under Permissions

17
00:00:42,960 --> 00:00:46,290
overview, the access that objects can be public.

18
00:00:46,290 --> 00:00:47,670
So that's the first step.

19
00:00:47,670 --> 00:00:50,730
Next, we scroll down, and we look at Bucket policy.

20
00:00:50,730 --> 00:00:53,280
So currently, we have none, and we wanna create one

21
00:00:53,280 --> 00:00:56,250
so that we make our entire bucket public.

22
00:00:56,250 --> 00:00:58,200
So the first thing you can do is look

23
00:00:58,200 --> 00:01:01,170
at the policy examples, and this is the documentation.

24
00:01:01,170 --> 00:01:03,240
And it will show you a lot of use cases

25
00:01:03,240 --> 00:01:05,460
on the right-hand side that will show you

26
00:01:05,460 --> 00:01:09,090
what's the appropriate and corresponding Bucket policy.

27
00:01:09,090 --> 00:01:12,930
But for us, we're going to use the Policy Generator.

28
00:01:12,930 --> 00:01:15,300
So here is the AWS Policy Generator,

29
00:01:15,300 --> 00:01:18,270
and we're going to create an S3 bucket policy.

30
00:01:18,270 --> 00:01:20,430
So let's select the right type.

31
00:01:20,430 --> 00:01:23,400
We'll allow, and then the Principal is going to be a star

32
00:01:23,400 --> 00:01:25,680
because we want to allow anyone

33
00:01:25,680 --> 00:01:28,972
on the Amazon S3 Service to perform.

34
00:01:28,972 --> 00:01:32,550
And because we read the objects on our bucket,

35
00:01:32,550 --> 00:01:34,770
we want to perform a GetObject.

36
00:01:34,770 --> 00:01:38,280
So here it is. We want to allow GetObject,

37
00:01:38,280 --> 00:01:41,880
and the Amazon Resource Name must be the bucket name

38
00:01:41,880 --> 00:01:43,590
with a "/", and then with a "*".

39
00:01:43,590 --> 00:01:45,180
So let's have a look first.

40
00:01:45,180 --> 00:01:48,870
So back into our S3 buckets, we have the bucket's ARN here,

41
00:01:48,870 --> 00:01:50,280
the Amazon Resource Name here.

42
00:01:50,280 --> 00:01:54,960
So we copy it, we paste it into the Amazon Resource Name,

43
00:01:54,960 --> 00:01:55,920
and this is not over.

44
00:01:55,920 --> 00:01:58,950
We add a "/", and then we add a "*".

45
00:01:58,950 --> 00:02:01,260
And the reason why we do this is

46
00:02:01,260 --> 00:02:06,260
that this action, the GetObject action right here, applies

47
00:02:06,570 --> 00:02:10,530
to objects within your buckets, and therefore objects within

48
00:02:10,530 --> 00:02:14,250
your buckets are after "/" and their "*"

49
00:02:14,250 --> 00:02:16,050
to represent these objects.

50
00:02:16,050 --> 00:02:17,880
So let's add this statement,

51
00:02:17,880 --> 00:02:20,070
and then let's generate this policy.

52
00:02:20,070 --> 00:02:23,820
And this policy is what we copy into here.

53
00:02:23,820 --> 00:02:26,250
And this is a public S3 policy.

54
00:02:26,250 --> 00:02:30,630
So that means that GetObjects are allowed from anyone

55
00:02:30,630 --> 00:02:33,450
on any objects of this bucket.

56
00:02:33,450 --> 00:02:34,470
Okay, that's good.

57
00:02:34,470 --> 00:02:36,633
So let's save these changes.

58
00:02:38,460 --> 00:02:41,340
And there is a space here. So let's remove this.

59
00:02:41,340 --> 00:02:44,820
Perfect. Save these changes. Now that works.

60
00:02:44,820 --> 00:02:47,400
And now, as you can see under Permissions

61
00:02:47,400 --> 00:02:50,100
overview, the access is now set to public,

62
00:02:50,100 --> 00:02:52,650
and we get a little warning that unless you want this

63
00:02:52,650 --> 00:02:54,540
to be really accessible from the internet,

64
00:02:54,540 --> 00:02:56,070
then don't do this.

65
00:02:56,070 --> 00:02:57,570
Okay, so now it's publicly accessible.

66
00:02:57,570 --> 00:02:59,760
We can see it really from everywhere.

67
00:02:59,760 --> 00:03:02,610
So if we go back into our coffee.jpg file,

68
00:03:02,610 --> 00:03:06,030
this is the public URL, okay? The full public URL.

69
00:03:06,030 --> 00:03:07,800
And I'm going to refresh this page.

70
00:03:07,800 --> 00:03:10,890
And now, as you can see, the coffee.jpg file appears

71
00:03:10,890 --> 00:03:14,310
before my screen, and therefore, that object is now public.

72
00:03:14,310 --> 00:03:16,020
And any object uploaded

73
00:03:16,020 --> 00:03:19,170
onto our Amazon S3 bucket is now going to

74
00:03:19,170 --> 00:03:21,960
be accessible using the public URL.

75
00:03:21,960 --> 00:03:23,670
Okay. So that's it for this lecture.

76
00:03:23,670 --> 00:03:26,040
We've had an overview of Bucket policies,

77
00:03:26,040 --> 00:03:29,310
and as well as a sneak peek into the Policy Generator.

78
00:03:29,310 --> 00:03:32,373
I hope you liked it, and I will see you in the next lecture.