Modifying S3 bucket permissions to make a sub-directory public

scottR · February 18, 2024, 8:59am

Hello, can anyone help?
on an S3 bucket which is private but i want to make a folder from it as Public.
also i have applied delete policy on it so no one can delete anything from it.
json for delete policy:

    "Version": "2012-10-17",
    "Id": "123",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}```


I want do add here (want to make sub-directory as public):


```{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-name/sub-directory/*"
        }
    ]
}```


combined Json will be?

pOdom · February 18, 2024, 9:12am

Statement is an array, so it will hold both the objects, you just need a comma between them {...}, {...}

pOdom · February 18, 2024, 9:45am

note also you can use Object Lock settings to prevent deletion, incl. a governance lock that can’t be turned off (by anyone) - depending on your needs that might be a better option than a policy that people could edit