Making Files Public
6:20 with David Baumgold
S3 can also be used to host files on the public internet. Want to share a large file with the world? S3 makes it easy.
- Permissions — A way of specifying who has access to your files, and how they can access them.
- ACL — An acronym for “Access Control List”. It means essentially the same thing as permissions.
- Bucket vs Object — Permissions can apply to your bucket as a whole, or to an individual object (file) in your bucket. Different files in the same bucket can have different permissions.
- Read vs Write — Read permissions are about looking, but not touching. Write permissions are about making changes. For example, if you give everyone read permissions on a file in your bucket, then everyone can download it -- but they can’t change the file in your bucket. If you give everyone write permission on your bucket, then they can change the files in your bucket. (Giving write permissions to everyone is usually a bad idea!)
- Object access vs Permission access — Object access refers to how the object (or bucket) can be read or written. Permission access refers to who is allowed to change permissions on the object (or bucket). Generally, you only want to modify object access, not permission access.
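The who/how grid from these notes, as an added example that is not part of the course materials: a Python check over ACL grants in the JSON shape returned by S3's GetBucketAcl and GetObjectAcl calls, reporting what "Everyone" and "any authenticated AWS user" are allowed to do. The sample ACLs and the owner ID are constructed for illustration.

```python
# S3 represents the console's "Everyone" and "Any authenticated AWS user"
# grantees as predefined groups identified by these URIs.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers":
        "Any authenticated AWS user",
}
# FULL_CONTROL is shorthand for every individual permission.
EXPANDS = {"FULL_CONTROL": ["READ", "WRITE", "READ_ACP", "WRITE_ACP"]}
# What each permission allows. READ/WRITE are "object access";
# READ_ACP/WRITE_ACP are "permission access".
EFFECT = {
    ("bucket", "READ"): "list the objects in the bucket",
    ("bucket", "WRITE"): "upload, overwrite or delete objects in the bucket",
    ("object", "READ"): "download the object",
    ("any", "READ_ACP"): "read the permissions",
    ("any", "WRITE_ACP"): "change the permissions",
}

def audit_acl(kind, acl):
    """Return (who, permission, effect) for every grant to a public group.

    kind is "bucket" or "object"; acl is a dict with a "Grants" list.
    """
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who is None:
            continue  # grant to one specific account, such as the owner
        perm = grant["Permission"]
        for p in EXPANDS.get(perm, [perm]):
            effect = EFFECT.get((kind, p)) or EFFECT.get(("any", p))
            if effect:  # WRITE has no meaning on an object's ACL
                findings.append((who, p, effect))
    return findings

# Constructed sample ACLs (the owner ID is a placeholder).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"}
ALL_USERS = {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
DEFAULT_ACL = {"Grants": [OWNER]}
LISTABLE_BUCKET = {"Grants": [OWNER, {"Grantee": ALL_USERS, "Permission": "READ"}]}
OVERSHARED_OBJECT = {"Grants": [OWNER, {"Grantee": ALL_USERS,
                                        "Permission": "FULL_CONTROL"}]}

if __name__ == "__main__":
    for who, perm, effect in audit_acl("bucket", LISTABLE_BUCKET):
        print(f"{who} has {perm}: can {effect}")
```

An empty result means only specific accounts hold grants; any `WRITE` or `WRITE_ACP` finding is the case the notes call "usually a bad idea".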
Uploading files to Amazon S3 is a great way to keep backups of your important private files. But S3 can also share your files with others, if you ask it to. Have you ever tried to e-mail a file to a friend and gotten an error message saying it's too large? Instead, you can upload that file to S3, make it publicly accessible, and e-mail a link to it, so that your friend can download it from S3. And you can still keep your private files secure at the same time.

To do that, we use a concept called permissions. It's sometimes also known as Access Control Lists or ACLs. The basic idea is, if you own something, you can decide how to share it with others. When you're thinking about permissions, it's generally useful to think of it like a grid. One axis is the who axis, who do you want to share with? The other axis is the how axis, how can they share with you? The simplest way to divide the who axis is to lump everyone else into one group. It's you against the world. And the simplest way to divide the how axis is to talk about reading data and writing data.

This is how the permissions on your S3 bucket look by default. You are allowed to read and write data in the bucket, but no one else can. In this case, writing data means modifying the bucket, uploading new files, moving files around, and deleting files. There's also a different set of permissions for each individual file in a bucket. However, file permissions are only concerned with reading data, not writing data. Right now, the owner has all the permissions and the world has none. What happens if we change that?

If you give out the read permission for the bucket, then others can see which files are in the bucket, but they can't actually download any files from the bucket. If you give out the read permission for a file in the bucket, then others will be able to download that file. And if you give out the write permission for the bucket, then others can modify what's in the bucket, including uploading new files or deleting existing files. Be careful with giving out write permissions, because you're still responsible for paying AWS for files that others upload into your bucket.

So let's see how we handle these permissions in practice. I'll open up my bucket, and you can see at the top of the page there are four tabs, Objects, Properties, Permissions, and Management. Objects are files and folders, and we've seen how to handle those. We're going to ignore Properties and Management for now, and click on Permissions. You've got a grid here, just like you saw earlier. There are three options for who can get permissions, treehouse, that's me, any authenticated AWS user, and everyone. We're going to ignore that any authenticated AWS user, because it's basically a more complicated form of the everyone option. And for the how axis, we've got Read and Write for both object access and permissions access. Permissions access is the ability to read and write permissions. If you have the ability to write permissions, then you can give yourself and others whatever permissions you'd like. That's a powerful thing, but it's not related to making files public, so we're not going to talk about it in this video. For now, I'm not going to make any changes to this tab.

Instead, I'm going to go back to the Objects tab and click on one of the files in the bucket. When I open a file in a bucket, you can see that there's a Permissions tab here as well. It looks the same, but it's for permissions on the file instead of on the bucket. Just as we talked about earlier, the write permission doesn't apply for permissions on a file. In order to write files into the S3 bucket, you need write permissions on the bucket, not on the file. The Read permission is important though, it determines whether people can download the file.

Let's give it a try. For now, we'll leave the permissions at their defaults. Notice that the Everyone group does not have read access to the file. On the Overview tab, there's a link to the file. What happens if we open that link? That doesn't look like the treehouse logo at all. Instead, S3 is showing an error message, Access Denied. You see, I can download the file from S3 while I'm on the S3 Management console, because on here, I'm logged in and S3 knows who's asking for the file. That link is a public link that anyone can use. S3 doesn't know that it's me, and so it uses the everyone permissions to determine if I can download the file. As we just saw, the everyone group does not have permission to read the file, so S3 won't let me download it using that public link.

But you may have noticed this helpful looking Make public button, while I was showing you around S3. If I click that button, it's going to change the permissions for me. Success. Can you guess what changed? Let's look back at the permissions tab. Now the Everyone group has read permissions, and if I refresh that public link, hey, it worked. Now anyone can download this file by using this link.

But what if you made a file public by accident? Well, that's easy to fix. Just click on the Everyone group, and then uncheck the read permission under Object access. Then Save and I'll refresh again. Great, now it's private again, just like it was before. You can modify permissions as much as you'd like.

There's one other nifty thing I want to show you. What if we change the permissions for the bucket, instead of for an individual file? I'll just go to my bucket permissions, click on the Everyone group, check the Read permission and click Save. What did that do? I'll show you. You see the structure of this URL? It has the bucket name in it, treehouse-course. And it also has the filename in it, image.png. I'm going to take off the filename, so we just have the bucket. Now I'm getting a list of every file that's in the bucket. See, there is the image.png file that we were looking at. If you make this public, then anyone can see what files are in the bucket, although they may not be able to download the files, of course. If you don't want this information to be public, you can go back to the bucket permissions and turn it off. See, now the contents of your bucket are private again.

S3 lets you store files privately or share them with the world. Permissions make it easy to specify which files should be public and which should be private, and fortunately, if you make a mistake, it's easy to fix. Making files public on S3 is a great way to share them with others, even files that are too large to send via email. There's a lot more you can do with permissions, but that's a topic for a future course.