Bucket public access

[jeroenrinzema]

Hi, I was wondering if it’s possible to grant public download access to anonymous users using versitygw. While exploring the codebase, it seems like an Authorization header is always required, even when the access policy permits fetching objects.

For reference, here’s the policy I’m using:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": ["*"],
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::<bucket>/*"
    }
  ]
}

Is there a way to bypass the Authorization header for public access, or am I missing something?

[benmcclelland]

The "public" access still requires a valid access key. The "public" in this case is anyone with an account. If you want to give access to objects without needing to create accounts, then presigned urls is the way to achieve this.

[madmax]

@benmcclelland Presigned urls works only 1 week. If we do caching for public images public access without presigned urls will be better choice.

[benmcclelland]

Since there has been multiple requests for this, we are investigating what it would take to allow full public read on buckets.

[madmax]

@benmcclelland Nice! My current work-around is place nginx in front of versitygw to allow public access

    location / {
        root   /data;
        if ($request_method !~ ^(GET|HEAD)$ ) {
          proxy_pass             $VERSITYGW_URL;
        }

        try_files $uri @versitygw;
    }
    location @versitygw {
        proxy_pass             $VERSITYGW_URL;
    }

[benmcclelland]

@madmax @jeroenrinzema This PR is now merged and will be in the next tag release: #1319
It probably needs more testing, but the basic public access workflows seem to work.

[madmax]

@benmcclelland Thanks :)