S3
Move s3 bucket to different region
-- Create tmpbucket
$ aws s3 sync s3://foobucket s3://tmpbucket --source-region us-west-1 --region us-west-2
$ aws s3 rb s3://foobucket --force
-- Recreate foobucket in us-west-2, but you might have to wait due to caching
$ aws s3 sync s3://tmpbucket s3://foobucket --source-region us-west-2 --region us-west-2
S3 Bucket Public Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::Bucket-Name/*"
]
}
]
}
S3 Example Policies
{
"Version": "2012-10-17",
"Id": "Policy1581334683281",
"Statement": [
{
"Sid": "Stmt1581335507867",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::cdn-shebaxyz/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"https://www.example.com"
]
}
}
},
{
"Sid": "Stmt1581334681539",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"1.1.1.1",
"2.2.2.2",
"3.3.3.3",
"4.4.4.4"
]
}
}
},
{
"Sid": "AllowSSLRequestsOnly",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
S3 copy to local
aws s3 cp s3://<bucket_name>/<object_name> .
S3 Copy to remote
aws s3 cp s3://aws-s3-cp-tutorial/ . --recursive