Note: this post applies to CloudBerry Explorer PRO 2.4.2 and later.
As always, we are trying to stay on top of the new functionality offered by Amazon S3 to offer the most compelling Amazon S3 and CloudFront client on the Windows platform.
Following the recent announcement of support for using Canonical User IDs in bucket policies, CloudBerry Lab added support for Canonical User IDs to CloudBerry Explorer.
Canonical User IDs are account identifiers that are used to grant an AWS Account access to an Amazon S3 bucket or object. Previously, Canonical User IDs were used with Amazon S3 ACLs. You can now use those same IDs when authoring a bucket policy. You can also use Canonical User IDs to grant access to a CloudFront Origin Access Identity to support Amazon CloudFront's private content feature.
The following example bucket policy grants a CloudFront Origin Identity permission to GET all objects in your Amazon S3 bucket. The CloudFront Origin Identity is used to enable CloudFront's private content feature. To learn more about CloudFront's support for serving private content, check out our previous blog post.
Right-click a bucket with Private Content Distribution and choose Bucket Policy from the context menu to run the Bucket Policy Designer.
In the Bucket Policy Designer, click “to:” to choose the principal. Note the “/*” suffix on the resource, which makes the policy apply to all objects in the bucket.
When you create a Bucket Policy for a bucket that has an associated CloudFront distribution with Private Content, CloudBerry Explorer recognizes this automatically and shows the Origin Access Identity in the Address Book.
This way with a few clicks you get the policy that will grant a CloudFront Origin Identity permission to GET all objects in your Amazon S3 bucket.
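The policy these steps describe, written out as an added example (this is not CloudBerry's code or output): it builds the statement with a "CanonicalUser" principal and repairs a policy in which a canonical ID was placed under the "AWS" key, which S3 rejects as an invalid principal. The bucket name, the sample ID and the hex-length heuristic are assumptions made for the illustration.

```python
import json
import re

# Assumption: a hex-only string of 32+ characters is a canonical user ID.
CANONICAL_ID = re.compile(r"^[0-9a-fA-F]{32,}$")
CONSTRUCTED_ID = "0123456789abcdef" * 4  # constructed sample, not a real ID


def as_list(value):
    return [value] if isinstance(value, str) else list(value)


def oai_read_policy(bucket, canonical_id):
    """Policy that lets one canonical user GET every object in the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"CanonicalUser": canonical_id},  # key is case sensitive
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",  # "/*" = all objects
        }],
    }


def fix_principals(policy):
    """Move canonical IDs listed under "AWS" to "CanonicalUser"; return count."""
    moved = 0
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or "AWS" not in principal:
            continue
        values = as_list(principal.pop("AWS"))
        canonical = [v for v in values if CANONICAL_ID.match(v)]
        other = [v for v in values if not CANONICAL_ID.match(v)]
        if other:  # account IDs, ARNs and "*" stay under "AWS"
            principal["AWS"] = other[0] if len(other) == 1 else other
        if canonical:
            merged = as_list(principal.get("CanonicalUser", [])) + canonical
            principal["CanonicalUser"] = merged[0] if len(merged) == 1 else merged
            moved += len(canonical)
    return moved


if __name__ == "__main__":
    broken = oai_read_policy("example-bucket", CONSTRUCTED_ID)
    broken["Statement"][0]["Principal"] = {"AWS": CONSTRUCTED_ID}
    print("principals moved:", fix_principals(broken))
    print(json.dumps(broken, indent=2))
```

Reviewing the repaired JSON before applying it also confirms that the statement grants only s3:GetObject and only to the intended identity.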
As always we would be happy to hear your feedback and you are welcome to post a comment.
CloudBerry S3 Explorer is a Windows freeware product that helps manage Amazon S3 storage and CloudFront. You can download it at http://cloudberrylab.com/
CloudBerry S3 Explorer PRO is a Windows program that helps manage Amazon S3 storage and CloudFront. You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99.
6 comments:
Every time I try this I get an error: Invalid principal in policy
Please make sure that you have a valid "Principal" with a "CanonicalUser" element and a long number (canonicalId). If it doesn't help, send us the log file via the Help | Complain feature.
I couldn't get it to work either, but when you have selected the address book identity and after that show the script, focus on this part:
"Principal": {
"AWS":
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
and change it into:
"Principal": {
"CanonicalUser": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
Then click OK.
That does the trick. Watch it, CanonicalUser is case sensitive.
Hope this helps ;-)
Rudolf+++
I had to follow RudolfB's instructions to change the script manually from "AWS" to "CanonicalUser".
It would be great if CloudBerry Labs could update this functionality so that it works properly in the next release.
Hi,
we would like to better understand what exactly didn't work for you. Could you please fill in the support form on our website and give us the policy you tried to apply.
Thanks
Andy
Thanks a lot, you saved me a lot of coding. Guy Vinograd, Softimize