30

I am new to the aws cli and I've spent a fair amount of time in the documentation but I can't figure out how to set permissions on files after I've uploaded them. So if I uploaded a file with:

aws s3 cp assets/js/d3-4.3.0.js s3://example.example.com/assets/js/

and didn't set access permissions, I need a way to set them. Is there an equivalent to chmod 644 in the aws cli?

And for that matter is there a way to view access permission?

I know I could use the --acl public-read flag with aws s3 cp but if I didn't, can I set access without repeating the full copy command?

Amanda
  • 12,099
  • 17
  • 63
  • 91

1 Answers1

37

The awscli supports two groups of S3 actions: s3 and s3api.

You can use aws s3api put-object-acl to set the ACL permissions on an existing object.

The logic behind there being two sets of actions is as follows:

  • s3: high-level abstractions with file system-like features such as ls, cp, sync
  • s3api: one-to-one with the low-level S3 APIs such as put-object, head-bucket

In your case, the command to execute is:

aws s3api put-object-acl --bucket example.example.com --key assets/js/d3-4.3.0.js --acl public-read
jarmod
  • 71,565
  • 16
  • 115
  • 122
  • 7
    Bonus: you can also use `get-object-acl` to see the existing permissions. `aws s3api get-object-acl --bucket bucket.name --key path/to/file.ext` – Amanda Dec 13 '16 at 02:23
  • 7
    Any way to do this for all files in a bucket? CLI doesn't seem to accept wild cards for the --key parameter. – PrgTrdr Oct 16 '17 at 20:25
  • 2
    @PrgTrdr You can apply a bucket policy (see https://stackoverflow.com/questions/19176926/how-to-make-all-objects-in-aws-s3-bucket-public-by-default) or apply an ACL for each object, but that has to be done object-by-object. There are also third-party tools (such as http://s3browser.com/share-s3-bucket-edit-acls.php). – jarmod Oct 16 '17 at 20:47
  • 3
    could this be hidden away any more than it is? – James Woolfenden Mar 04 '19 at 17:22
  • 1
    @JamesWoolfenden I am used to GCP and only getting into AWS now. I am surprised by how much more user-friendly GCP is in almost every way imaginable. – Macindows Jan 07 '20 at 06:35
  • @Macindows you're not wrong - AWS for engineers and GCP for developers – James Woolfenden Jan 07 '20 at 15:17