Spaces Object Storage is an S3-compatible object storage service. Spaces buckets let you store and serve large amounts of data, and the built-in CDN minimizes page load times and improves performance.
Bucket policies define access control rules for Spaces buckets using JSON-based policies. They specify who can access the bucket and what actions they can perform, such as setting access permissions, modifying ACLs, or configuring CORS settings. You can configure and set bucket policies using the Spaces API, AWS CLI, or s3cmd.
While Access Control Lists (ACLs) provide basic, predefined permissions for individual users or groups, bucket policies offer more flexible, JSON-based rules that enable fine-grained access control for Spaces buckets. Bucket policies are recommended for managing complex permissions and conditional access, while ACLs work well for simple permission settings.
To configure bucket policies with the API, see Configure a Bucket’s Bucket Policies. Alternatively, you can use AWS CLI to configure bucket policies.
s3cmd
You can also configure bucket permissions using s3cmd. Below are examples for setting a public read policy and setting a private access policy. Substitute the variables as needed.
To allow public read access to all objects in a Space, first create a public-policy.json file with the following content:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-space-name/*"
    }
  ]
}
This public-policy.json file contains a valid JSON policy granting public read access to all objects in your specified Space. Set the policy using the following command:
s3cmd setpolicy public-policy.json s3://your-space-name
To restrict access to only the bucket owner, create a private-policy.json file with the following content:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-space-name/*"
    }
  ]
}
This private-policy.json file applies a policy that ensures only the owner has access to the objects in the Space. Set the policy using the following command:
s3cmd setpolicy private-policy.json s3://your-space-name
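As an added example (not part of the original documentation), the following Python script reports what a policy file grants to anonymous callers, so you can check it before running s3cmd setpolicy. It assumes standard S3 policy evaluation, where an explicit Deny overrides an Allow, and it does not evaluate Condition, NotAction or NotPrincipal; the function names are hypothetical.

```python
import json
import re

# Constructed sample input: the two policies from this page, placeholder bucket name kept.
def _policy(effect):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::your-space-name/*"}]})

PUBLIC_POLICY = _policy("Allow")
PRIVATE_POLICY = _policy("Deny")

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    # Policy wildcards: * matches any run of characters, ? matches exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None

def _is_anonymous(principal):
    # "*", {"AWS": "*"} and {"AWS": ["*"]} all mean "everyone".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def anonymous_effect(policy_text, action, resource):
    """Return 'Deny', 'Allow' or 'NoMatch' for an anonymous request."""
    decision = "NoMatch"
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        if not _is_anonymous(stmt.get("Principal")):
            continue
        if not any(_wild(a, action, True) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_wild(r, resource) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"  # assumption: an explicit Deny always wins
        if stmt.get("Effect") == "Allow":
            decision = "Allow"
    return decision

if __name__ == "__main__":
    obj = "arn:aws:s3:::your-space-name/report.pdf"  # constructed object key
    for name, text in (("public-policy.json", PUBLIC_POLICY),
                       ("private-policy.json", PRIVATE_POLICY)):
        print(name, "-> anonymous s3:GetObject:", anonymous_effect(text, "s3:GetObject", obj))
```

A result of NoMatch means the policy itself neither allows nor denies the request, so access falls back to the bucket's other settings such as ACLs.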
For more details, see the s3cmd documentation.