Anonymous/Public Bucket Access in StorageGRID

Introduction

This quick example shows how we can update the bucket access policy in StorageGRID in order to allow anonymous access. This allows access to the bucket without S3 credentials, e.g. through a browser.

Instructions

In this example, we utilize s3cmd to connect to StorageGRID Webscale. In order to get s3cmd talking to StorageGRID, update the following fields in ~/.s3cfg as shown below. Please note that it is not advised to disable SSL for production workloads, but rather set the ca_certs_file field.

Next, we create a JSON document to enable access to a bucket “public-bucket1” which we will expose to the public:

Lastly, we use s3cmd to apply the policy to the bucket:

We are now able to point a browser to an object and download it without requiring credentials, e.g. via https://:8082/public-bucket1/objectkey

Conclusion
Anonymous access is a simple way to share content in an S3 bucket with people at large. You can enable anonymous access to collaborate on projects, use an S3 bucket as a content repository within your organization or build a simple web-based catalogue of a bucket. You can further develop the S3 bucket policy framework within StorageGRID to have conditional access to buckets based on IP ranges and also tweak actions to allow more than just read and list operations.

If you have questions, feel free to reach out via email to thePub

Clemens Siebler on GithubClemens Siebler on LinkedinClemens Siebler on Twitter
Clemens Siebler
Manager Solution Architects EMEA
Clemens is leading a technical team of Solution Architects in EMEA. In his current role, he and his team are evangelizing upcoming market trends like Containers, Object Storage, OpenStack, and NFV. His current passion is enabling customers to transition their large scale workloads to Object Storage. Before, he worked as a Software Engineer on NetApp’s software products, where he published multiple patents on plug-in frameworks.

Leave a Reply