# Bucket policy examples ### Grant public read-only access to a bucket ใช้ policy นี้สำหรับอนุญาตให้ read-only ข้อมูลใน bucket เท่านั้น ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadOnlyAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-public-bucket/*" } ] } ``` ### Deny public access to a bucket ใช้ policy นี้สำหรับไม่อนุญาตให้เข้าถึง bucket ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "DenyPublicAccess", "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": ["arn:aws:s3:::my-private-bucket", "arn:aws:s3:::my-private-bucket/*"] } ] } ``` ### Allow access from a specific IP range ใช้ policy นี้สำหรับเข้าถึง bucket ที่ user เชื่อมต่อจาก IP Address ที่กำหนด ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccessFromIP", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-secure-bucket/*", "Condition": { "IpAddress": { "aws:SourceIp": "192.168.1.0/24" } } } ] } ``` ### Grant access to another S3 user ใช้ policy นี้สำหรับอนุญาต user S3 อื่นๆ ให้เข้าถึง bucket ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccountUpload", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::4de50c40e0254e8d987470bfb84980a1:862871b203ca9580" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::my-shared-bucket/*" } ] } ``` ### Allow access to a specific folder ใช้ policy นี้สำหรับให้สิทธ์การเข้าถึง bucket ได้เฉพาะ path ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowFolderAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/folder1/*" } ] } ``` ### Restrict access to objects within a specific path ใช้ policy นี้สำหรับอนุญาตให้ user สามารถแสดงรายของข้อมูลใน bucket ได้ แต่ไม่สามารถเข้าถึง bucket ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowListSpecificPrefix", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::4de50c40e0254e8d987470bfb84980a1:862871b203ca9580" }, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::my-bucket", "Condition": { "StringEquals": { "s3:prefix": "my-folder/" } } }, { "Sid": "AllowGetSpecificFolder", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::4de50c40e0254e8d987470bfb84980a1:862871b203ca9580" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/my-folder/*" } ] } ``` ### Require a minimum TLS version ใช้ policy นี้สำหรับไม่อนุญาตให้อัพโหลดข้อมูลใน bucket ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*" ], "Condition": { "NumericLessThan": { "s3:TlsVersion": 1.2 } } } ] } ``` ### Prevent deletion of objects ใช้ policy นี้สำหรับป้องกัน bucket ที่มีข้อมูลสำคัญ และไม่อนุญาตให้ลบข้อมูลได้ ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "DenyObjectDeletion", "Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::my-bucket/*" } ] } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://readyidc.gitbook.io/readyidc-docs/readme/s3-resources/managing-buckets/managing-bucket-policies/bucket-policy-examples.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.