Monday, 3 April 2017

Why is an S3 object without public permissions accessible through http.get() in Node.js?

I have an S3 object that is not publicly available. If you click on that link, you should get the Access Denied error.

However, if I run the following script on a Node server locally on my Mac, I'm able to download the file:

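var fs = require("fs");
var http = require("http");

// Local file that receives whatever body the server returns
var s3file = fs.createWriteStream("s3posts.json.gz");
http.get("http://s3.amazonaws.com/cloudfront.s3post.cf/posts.json.gz", function(response) {
    // The body is piped to disk without looking at response.statusCode
    response.pipe(s3file);
});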

I went through all of my bucket and object configuration; there's nothing allowing the object to be accessed publicly.

If AWS's policies are private by default and I haven't explicitly given any permissions, why is the object available for download while not being available in the browser?

What can I do to prevent the object from being downloaded?



via Anish Sana
