Amazon S3权限问题-如何一次设置所有文件的权限？

I used Cloudberry Explorer to do the job :)

You can only modify ACLs for a unique item (bucket or item), soy you will have to change them one by one.

Some S3 management applications allows you to apply the same ACL to all items in a bucket, but internally, it applies the ACL to each one by one.

If you upload your files programmatically, it's important to specify the ACL as you upload the file, so you don't have to modify it later. The problem of using an S3 management application (like Cloudberry, Transmit, ...) is that most of them uses the default ACL (private read only) when you upload each file.

I suggest that you apply a bucket policy¹ to the bucket where you want to store public content. This way you don't have to set ACL for every object. Here is an example of a policy that will make all the files in the bucket mybucket public.

{
"Version": "2008-10-17",
"Id": "http better policy",
"Statement": [
{
"Sid": "readonly policy",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/sub/dirs/are/supported/*"
}
]
}

That * in "Resource": "arn:aws:s3:::mybucket/sub/dirs/are/supported/*" allows recursion.

¹ Note that a Bucket Policy is different than an IAM Policy. (For one you will get an error if you try to include Principal in an IAM Policy.) The Bucket Policy can be edit by going the root of the bucket in your AWS web console and expanding Properties > Permissions. Subdirectories of a bucket also have Properties > Permissions, but there is no option to Edit bucket policy

I had same problem while uploading the files through program (java) to s3 bucket ..

Error: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 403

I added the origin identity and changed the bucket policy and CORS configuration then everything worked fine.

You can select which directory you want it to be public.

Press on "more" and mark it as public; it will make the directory and all the files to be accessible as public.

Using S3 Browser you can update permissions using the gui, also recursively. It's a useful tool and free for non-commercial use.

Transmit 5

I wanted to add this here for potential macOS users that already have the beautifully-crafted FTP app called Transmit by Panic.

I already had Panic and it supports S3 buckets (not sure what version this came in but I think the upgrades were free). It also supports recursively updating Read and Write permissions.

You simply right click the directory you want to update and select the Read and Write permissions you want to set them to.

It doesn't seem terribly fast but you can open up the log file by going Window > Transcript so you at least know that it's doing something.

To make a bulk of files public, do the following:

1. Go to S3 web interface
2. Open the required bucket
3. Select the required files and folders by clicking the checkboxes at the left of the list
4. Click «More» button at the top of the list, click «Make public»
5. Confirm by clicking «Make public». The files won't have a public write access despite the warning says «...read this object, read and write permissions».

Use AWS policy generator to generate a policy which fits your need. The principal in the policy generator should be the IAM user/role which you'd be using for accessing the object(s). Resource ARN should be arn:aws:s3:::mybucket/sub/dirs/are/supported/*

Next, click on "Add statement" and follow through. You'll finally get a JSON representing the policy. Paste this in your s3 bucket policy management section which is at "your s3 bucket page in AWS -> permissions -> bucket policy".

You could set ACL on each file using aws cli:

BUCKET_NAME=example
BUCKET_DIR=media
NEW_ACL=public-read


aws s3 ls $BUCKET_NAME/$BUCKET_DIR/ | \
awk '{$1=$2=$3=""; print $0}' | \
xargs -t -I _ \
aws s3api put-object-acl --acl $NEW_ACL --bucket $BUCKET_NAME --key "$BUCKET_DIR/_"