07 September 2013 Joe Chan

How to make an anonymous S3 REST request

I recently had a problem where the bucket owner could not access or modify an object. It turns out that the object was created with an anonymous (unauthenticated) user and had the following ACL and properties:

ExampleObject.txt

  • Bucket owner: Joe
  • Object owner: Anonymous
  • Creator: Anonymous
Grantee Permission
Anonymous Write

Solution

To make it so that the bucket owner could access the file again, we need to add ACL rules to the object that look like this:

Grantee Permission
Joe Read

Joe, however, currently can’t modify the ACL because of the current ACL rules.

To make an anonymous request, we can use the curl tool.

From the API docs for Put Acl, an example request looks like this:

Example request

PUT ExampleObject.txt?acl HTTP/1.1
Host: examplebucket.s3.amazonaws.com
x-amz-acl: public-read
Accept: */*
Authorization: AWS AKIAIOSFODNN7EXAMPLE:xQE0diMbLRepdf3YB+FIEXAMPLE=
Host: s3.amazonaws.com
Connection: Keep-Alive

Example curl command to grant Joe read access to the ExampleObject.txt

curl -X PUT \
-H 'x-amz-grant-read: emailAddress="[email protected]"' \

http://examplebucket.s3.amazonaws.com/ExampleObject.txt?acl


blog comments powered by Disqus