Check out a free preview of the full AWS for Front-End Engineers (ft. S3, Cloudfront & Route 53) course:
The "Policies" Lesson is part of the full, AWS for Front-End Engineers (ft. S3, Cloudfront & Route 53) course featured in this preview video. Here's what you'd learn in this lesson:

Steve explains how bucket policies work and how to generate policies for an S3 bucket.

Get Unlimited Access Now

Transcript from the "Policies" Lesson

[00:00:00]
>> Steve Kinney: In a second, I'm gonna set up our first S3 bucket that will have static website hosting. In order to do that, I will need to set a policy on that bucket. By default, your S3 buckets are not accessible, right? Now, if we're gonna host our client side application out of an S3 bucket, then we kinda need to make it accessible, right?

[00:00:22] Well, not too accessible. So we'll learn how to set just the policy of being able to read from the bucket from anyone, but not actually write to it from the outside world cuz who knows what would happen then. So I'm gonna use it when we lab code, so let's talk about it now.

[00:00:39] So this is a policy. That version is not like when you made it, that version is like what version of AWS's policy you're using, all right? So if you go put in today's date, that's not a thing, right? This is the kind of most recent version. So we say what version of their format we're using, and now we make a statement about the policy.

[00:01:05] The effect is either allow or deny, right? In this case, we are allowing a particular thing. And principle is who, action is what, and resource is which, right? We'll look at each of those in one second. So principal is who can do the thing, action is what they can do, and then to which things.

[00:01:26] So if we go back to that policy for a second, we look, we could say, okay, anyone can get an object. And then when we create the bucket, we'll put the bucket name in there. There's a little slash star at the end, which means any file in that bucket, so it's like a wild card.

[00:01:41] So anyone can read from this bucket on the Internet. Makes sense, that's probably what we'd want for a website. You can take lucky guesses that there are actions such as like put object. We don't wanna turn that one on. [LAUGH] We wanna be able to put an object and we have permission to do that from our administrator account, or any other sub users that we grant that access to.

[00:02:03] But the outside world should only be able to read from that bucket. Cool, so let's set up our first, let's get to the point where we can start to deploy an application. So what we're gonna do, we're gonna set up a S3 bucket, we're going to set a policy on that bucket.

[00:02:19] I'll give you a hint, it might have been the one you just saw on the slide earlier. We're gonna configure that S3 bucket for static website hosting. And eventually, later on down the line, we are going to upload a React application to command line. First, we're just going to make a little index.html page, right?

[00:02:37] And eventually we're not even gonna do that manually, we'll have our CICD pipeline do it for us when all the tests pass and something gets emerged into master.