AWS S3: Private Bucket vs Public Bucket
What is S3 bucket?
s3 bucket is an object storage mechanism provided by AWS.
If you have media files, profile pictures, images, videos, audio files you can store it on S3.
You get an endpoint for those files.
S3 provides 99.999% (.11 9s) availability
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.
Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements.
Amazon S3 is designed for 99.999999999% (11 9’s) of durability, and stores data for millions of applications for companies all around the world.
You can use EC2 or even lambda functions to operate on those objects. (eg. thumbnail generation of videos uploaded on any folder on S3)
1) When S3 Bucket is Public
-> In this case, the Developer of the mobile app will configure bucket name and upload images through that.
-> At time of displaying an image, there will be fixed type of URLs like https://bucketname.s3-eu-west-1.amazonaws.com/folder-name/image-name.extension
which will be called and an image will be displayed
2) When S3 bucket is Private
-> In this case upload scenario remains the same.
-> At time of displaying image, We need to prepare pre-signed URL from code which will consist of some credentials and timestamp, based on that image can be displayed and when timeout of 10 minutes is done, that URL will be of no use and can’t display image so we have to re-generated new URL for the same image
When to use private and public?
If stored data contains sensitive information then only go with the private bucket, otherwise, security measures can be taken care of in public buckets as well.
Public buckets can be partially or fully public.
We can set mechanism on who can access this bucket as public, can be username or ID, can also be some public IP ranges, can be any VPC
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Attached are screenshot of how to make S3 bucket public.
While using public bucket, objects inside bucket can be viewed by anyone who has URL.
How to make S3 Bucket public ?
- Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
- Select the bucket that you have configured as a static website, and choose Edit public access settings.
3. Clear Block all public access, and choose Save.
It should look like above, with all boxes unticked, click save
Now add a public policy to make bucket public
Add the following in Bucket policy Editor
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::bucketname/"
}
]
}
Click save and now all objects you add from now on, will have public access