Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
S3 can also be used to host files on the public internet. Want to share a large file with the world? S3 makes it easy.
New Terms:
- Permissions β A way of specifying who has access to your files, and how they can access them.
- ACL β An acronym for βAccess Control Listβ. It means essentially the same thing as permissions.
Permission Levels:
- Bucket vs Object β Permissions can apply to your bucket as a whole, or to an individual object (file) in your bucket. Different files in the same bucket can have different permissions.
- Read vs Write β Read permissions are about looking, but not touching. Write permissions are about making changes. For example, if you give everyone read permissions on a file in your bucket, then everyone can download it -- but they canβt change the file in your bucket. If you give everyone write permission on your bucket, then they can change the files in your bucket. (Giving write permissions to everyone is usually a bad idea!)
- Object access vs Permission access β Object access refers to how the object (or bucket) can be read or written. Permission access refers to who is allowed to change permissions on the object (or bucket). Generally, you only want to modify object access, not permission access.
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
Uploading files to Amazon S3 is a great
way to keep backups of your important
0:00
private files.
0:04
But S3 can also share your files
with others, if you ask it to.
0:05
Have you ever tried to e-mail
a file to a friend and
0:09
gotten an error message
saying it's too large?
0:11
Instead, you can upload that file to S3,
make it publicly accessible, and
0:14
e-mail a link to it, so
that your friend can download it from S3.
0:18
And you can still keep your private
files secure at the same time.
0:22
To do that,
we use a concept called permissions.
0:26
It's sometimes also known as
Access Control Lists or ACLs.
0:29
The basic idea is,
0:33
if you own something, you can
decide how to share it with others.
0:35
When you're thinking about permissions,
0:39
it's generally useful to
think of it like a grid.
0:40
One axis is the who axis,
who do you want to share with?
0:43
The other axis is the how axis,
how can they share with you?
0:48
The simplest way to divide the who axis
is to lump everyone else into one group.
0:52
It's you against the world.
0:57
And the simplest way to divide the how
axis is to talk about reading data and
0:58
writing data.
1:03
This is how the permissions on
your S3 bucket look by default.
1:05
You are allowed to read and write data
in the Bucket, but no one else can.
1:09
In this case, writing data means modifying
the bucket, uploading new files,
1:13
moving files around, and deleting files.
1:18
There's also a different
set of permissions for
1:20
each individual file in a bucket.
1:22
However, file permissions are only
concerned with reading data,
1:24
not writing data.
1:28
Right now, the owner has all
the permissions and the world has none.
1:29
What happens if we change that?
1:33
If you give out the read permission for
1:35
the bucket, then others can see
which files are in the bucket, but
1:37
they can't actually download
any files from the bucket.
1:40
If you give out the read permission for
1:43
a file in the bucket, then others
will be able to download that file.
1:45
And if you give out the write permission
for the bucket, then others can modify
1:50
what's in the bucket, including uploading
new files or deleting existing files.
1:53
Be careful with giving out write
permissions, because you're still
1:59
responsible for paying AWS for
files that others upload into your bucket.
2:02
So let's see how we handle
these permissions in practice.
2:06
I'll open up my bucket, and you can see at
the top of the page there are four tabs,
2:09
Objects, Properties,
Permissions, and Management.
2:13
Objects are files and folders, and
we've seen how to handle those.
2:16
We're going to ignore Properties and
Management for now, and
2:19
click on Permissions.
2:21
You've got a grid here,
just like you saw earlier.
2:23
There are three options for
who can get permissions, treehouse,
2:25
that's me, any authenticated AWS user,
and everyone.
2:28
We're going to ignore that
any authenticated AWS user,
2:33
because it's basically a more
complicated form of the everyone option.
2:36
And for the how access,
we've got Read and Write for
2:39
both object access and permissions access.
2:42
Permissions access is the ability
to read and write permissions.
2:45
If you have the ability
to write permissions,
2:49
then you can give yourself and
others whatever permissions you'd like.
2:51
That's a powerful thing, but it's not
related to making files public, so
2:54
we're not going to talk
about it in this video.
2:57
For now, I'm not going to
make any changes to this tab.
2:59
Instead, I'm going to go
back to the Objects tab and
3:02
click on one of the files in the bucket.
3:05
When I open a file in a bucket,
3:06
you can see that there's
a Permissions tab here as well.
3:08
It looks the same, but it's for
3:10
permissions on the file
instead of on the bucket.
3:12
Just as we talked about earlier,
the write permission doesn't apply for
3:14
permissions on a file.
3:17
In order to write files
into the S3 bucket,
3:18
you need write permissions on the bucket,
not on the file.
3:20
The Read permissions is important though,
3:23
it determines whether people
can download the file.
3:25
Let's give it a try.
3:28
For now, we'll leave
the permissions at their defaults.
3:29
Notice that the Everyone group does
not have a read access to the file.
3:31
On the Overview tab,
there's a link to the file.
3:35
What happens if we open that link?
3:37
That doesn't look like
the treehouse logo at all.
3:42
Instead, S3 it's showing an error message,
Access Denied.
3:44
You see, I can download the file from S3
while I'm on the S3 Management console,
3:48
because on here, I'm logged in and
S3 knows who's asking for the file.
3:52
That link is a public
link that anyone can use.
3:56
S3 doesn't know that it's me, and so
3:59
it uses the everyone permissions to
determine if I can download the file.
4:01
As we just saw, the everyone group does
not have permission to read the file, so
4:06
S3 won't let me download
it using that public link.
4:10
But you may have noticed this
helpful looking Make public button,
4:13
while I was showing you around S3.
4:16
If I click that button, it's going to
change the permissions for me, Success.
4:19
Can you guess what changed?
4:24
Let's look back at the permissions tab.
4:26
Now the Everyone group
has read permissions, and
4:27
if I refresh that public link,
hey, it worked.
4:30
Now anyone can download this
file by using this link.
4:35
But what if you made
a file public by accident?
4:38
Well, that's easy to fix.
4:40
Just click on the Everyone group, and
4:42
then uncheck the read
permission under Object access.
4:43
Then Save and I'll refresh again.
4:48
Great, now it's private again,
just like it was before.
4:53
You can modify permissions
as much as you'd like.
4:56
There's one other nifty
thing I want to show you.
4:59
What if we change the permissions for the
bucket, instead of for an individual file?
5:01
I'll just go to my bucket permissions,
5:05
click on the Everyone group,
check the Read permission and click Save.
5:07
What did that do, I'll show you.
5:12
You see the structure of this URL?
5:14
It has the bucket name in it,
treehouse-course.
5:16
And it also has the filename in it,
image.png.
5:19
I'm going to take off the filename,
so we just have the bucket.
5:22
Now I'm getting a list of every
file that's in the bucket.
5:26
See, there is the image.png
file that we were looking at.
5:28
If you make this public, then anyone
can see what files are in the bucket,
5:32
although they may not be able to
download the files, of course.
5:35
If you don't want this
information to be public,
5:38
you can go back to the bucket
permissions and turn it off.
5:41
See, now the contents of your
bucket are private again.
5:51
S3 lets you store files privately or
share them with the world.
5:55
Permissions make it easy to specify
which files should be public and
5:59
which should be private, and fortunately,
if you make a mistake, it's easy to fix.
6:02
Making files public on S3 is a great
way to share them with others,
6:08
even files that are too
large to send via email.
6:12
There's a lot more you can do with
permissions, but that's a topic for
6:15
a future course.
6:18
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up