How do I restrict S3 upload permissions to specific file types?
When you are working with S3 buckets, you often want to restrict what file types can be uploaded due to compliance, security, or operational requirements. Here’s how you can set up those permissions effectively.
We’ll create an S3 bucket and attach a bucket policy that allows uploads of certain file types only. For this example, we will restrict uploads to .jpg and .png files.
Explanation
- S3 Bucket: This is the storage unit where you’ll upload your files.
- Bucket Policy: This JSON-based policy allows you to specify fine-grained access controls.
Code Example
This program sets up an S3 bucket and a bucket policy that restricts uploads to .jpg and .png files:
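```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.BucketV2("example", {bucket: "example-bucket-restricted-uploads"});

// Deny s3:PutObject for every object key that does NOT end in .jpg or .png.
// The match is on the object ARN via NotResource: s3:prefix is a condition key
// for listing requests and is not present on PutObject requests.
// A Deny grants nothing by itself; uploaders still need an Allow for s3:PutObject.
// The ARNs below must match the bucket name set above.
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
    bucket: example.bucket,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOnlyCertainFileTypes",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "NotResource": [
        "arn:aws:s3:::example-bucket-restricted-uploads/*.jpg",
        "arn:aws:s3:::example-bucket-restricted-uploads/*.png"
      ]
    }
  ]
}
`,
});

export const bucketName = example.bucket;
export const bucketPolicy = exampleBucketPolicy.id;
```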
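A bucket policy that denies s3:PutObject for every object outside `*.jpg` and `*.png` decides purely on the object key. The following added example (not part of the original page) is a simplified local model of that wildcard matching, not AWS's own evaluator; the helper names `arnMatches`, `putObjectDenied` and `evaluate` are hypothetical and the sample keys are constructed.

```typescript
// Simplified model of a Deny statement on s3:PutObject whose NotResource
// lists "<bucket>/*.jpg" and "<bucket>/*.png". Assumption: only the wildcard
// matching is modelled, not the rest of IAM policy evaluation.
const BUCKET_ARN = "arn:aws:s3:::example-bucket-restricted-uploads";
const NOT_RESOURCE: string[] = [`${BUCKET_ARN}/*.jpg`, `${BUCKET_ARN}/*.png`];

// IAM-style wildcard match: "*" is any run of characters, "?" is exactly one.
// The comparison is case-sensitive, as it is for S3 object ARNs.
function arnMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, "[\\s\\S]*").replace(/\?/g, "[\\s\\S]");
  return new RegExp(`^${source}$`).test(arn);
}

// The Deny applies when the object ARN matches none of the NotResource patterns.
function putObjectDenied(key: string): boolean {
  const arn = `${BUCKET_ARN}/${key}`;
  return !NOT_RESOURCE.some((pattern) => arnMatches(pattern, arn));
}

// Constructed sample keys covering the cases that tend to surprise people.
const sampleKeys: string[] = [
  "photos/cat.jpg",        // expected suffix, nested under a prefix
  "logo.png",              // expected suffix
  "photo.JPG",             // upper-case extension
  "report.pdf",            // other extension
  "archive.jpg.zip",       // allowed extension in the middle of the name
  "notes.txt.png",         // any content renamed to end in .png
  "images.jpg/readme.txt", // ".jpg" inside a prefix, not at the end
];

// "not denied" means this statement does not block the upload; a separate
// Allow for s3:PutObject is still required for the request to succeed.
function evaluate(keys: string[]): Map<string, string> {
  const result = new Map<string, string>();
  for (const key of keys) {
    result.set(key, putObjectDenied(key) ? "denied" : "not denied");
  }
  return result;
}

for (const [key, verdict] of evaluate(sampleKeys)) {
  console.log(`${key.padEnd(24)} ${verdict}`);
}
```

Keys such as `notes.txt.png` pass because the policy sees only the name; validating content has to happen after upload, outside the bucket policy.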
Summary
In this example, we created an S3 bucket and attached a bucket policy that restricts uploads to objects whose keys end in .jpg or .png. The policy matches the object key only, case-sensitively, and does not inspect file content, so it enforces a naming rule on uploads in support of compliance and security requirements rather than verifying what the file actually contains.