improve default bucket policy, update readme

2018-04-27 16:37:40 +02:00 · 2018-04-27 16:37:40 +02:00 · d385dde035
parent d95073f644
commit d385dde035
2 changed files with 13 additions and 1 deletions
--- a/policy.json
+++ b/policy.json
@ -25,6 +25,18 @@
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::BUCKETNAME"
+    },
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "*"
+      },
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::BUCKETNAME/*"
+      ]
    }
  ]
 }
--- a/readme.md
+++ b/readme.md
@ -10,7 +10,7 @@ Helper scripts to quickly build buckets with tidy access rights
    1. Create a user called bucket-name for simplicity.
    1. Give user right to list buckets (not view their contents).
    1. Create bucket called bucket-name.
-    1. Add bucket access policy so that user can work within the bucket.
+    1. Add bucket access policy so that user can work within the bucket. *Important:* All resources within bucket will be downloadable by anyone with a link by default.
    1. Create access tokens for the user.

 Licensed under GNU GPLv3, see `LICENSE.txt`.