Automate Public Sharing via S3 API
This How-To is for those who do want to do public sharing of files by automation tools. This might not be the only way, but the one also used by Contabo's Object Storage Panel. This relies on so called policies.
Setup your S3 tool
The easiest way is to use aws cli. Please make sure to have it installes and configured properly.
Enable Public Sharing for a file
Create a file public-sharing-policy.json with following content
{
"Id": "your-fancy-name",
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::foldername/file"
],
"Principal": "*"
}
]
}
This basically allows (Effect) reading Objects (s3:GetObject) by everyone (Principal) for the specified file (Resource).
Example for Enabling
Example values
- S3 URL = https://eu2.contabostorage.com
- Bucket = foo
- File to share = foo/test.jpg
- Policy file = public-sharing-policy.json with following contents
{
"Id": "public-share-example-test",
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::foo/test.png"
],
"Principal": "*"
}
]
}
aws --profile eu2 --endpoint-url https://eu2.contabostorage.com s3api put-bucket-policy --bucket foo --policy file://public-sharing-policy.json
The URL would be https://eu2.contabostorage.com/{s3TenantId}:foo/test.png. The s3TenantId can be retrieved via the Contabo API.
Enable Public Sharing for a folder an all its sub items
Create a file public-sharing-policy.json with following content
{
"Id": "your-fancy-name",
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::foldername/*"
],
"Principal": "*"
}
]
}
The only difference is that you put * as a wildcard / placeholder for the file name. Of course you can have constucts like "arn:aws:s3:::foldername1/foldername2/*"
Example for Enabling
Example values
- S3 URL = https://eu2.contabostorage.com
- Bucket = foo
- Folder to share = foo/*
- Policy file = public-sharing-policy.json with following contents
{
"Id": "public-share-example-test",
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::foo/*"
],
"Principal": "*"
}
]
}
aws --profile eu2 --endpoint-url https://eu2.contabostorage.com s3api put-bucket-policy --bucket foo --policy file://public-sharing-policy.json
Please be aware that the S3 Object Storage doesn't support file listing in browser (please refer to tutorial)
The URL would be https://eu2.contabostorage.com/{s3TenantId}:foo/bar/filename.ending. The s3TenantId can be retrieved via the Contabo API.
Disable Public Sharing
To disable the Public Sharing for a file or folder you need first to get the current policy via
aws --profile eu2 --endpoint-url https://eu2.contabostorage.com s3api get-bucket-policy --bucket foo
Then remove the parts you would like to remove and do the put-bucket-policy again with the modified file. If it is the last entry in there you could also delete it completely via
aws --profile eu2 --endpoint-url https://eu2.contabostorage.com s3api delete-bucket-policy --bucket foo
But be cautious as this will delete ALL policies on that bucket.