Managing Amazon S3 bucket access permissions - Amazon SDK for JavaScript

Managing Amazon S3 bucket access permissions



This Node.js code example shows:

  • How to retrieve or set the access control list for an Amazon S3 bucket.

The scenario

In this example, a Node.js module displays the bucket access control list (ACL) for a selected bucket and applies changes to that ACL. The Node.js module uses the SDK for JavaScript to manage Amazon S3 bucket access permissions using these methods of the Amazon S3 client class:

  • GetBucketAclCommand

  • PutBucketAclCommand

For more information about access control lists for Amazon S3 buckets, see Managing access with ACLs in the Amazon Simple Storage Service User Guide.

Prerequisite tasks

To set up and run this example, you must first complete these tasks:

Important

These examples demonstrate how to import/export client service objects and commands using ECMAScript6 (ES6).

Retrieving the current bucket Access Control List

Create a libs directory, and create a Node.js module with the file name s3Client.js. Copy and paste the code below into it, which creates the Amazon S3 client object. Replace REGION with your Amazon region.

// Create service client module using ES6 syntax.
import { S3Client } from "@aws-sdk/client-s3";
// Set the AWS Region.
const REGION = "us-east-1";
// Create an Amazon S3 service client object.
const s3Client = new S3Client({ region: REGION });
export { s3Client };

This code is available here on GitHub.

Create a Node.js module with the file name s3_getbucketacl.js. Make sure to configure the SDK as previously shown, including installing the required clients and packages.

Create a GetBucketAclCommand and send it with the S3Client client service object. The only parameter you need to pass is the name of the selected bucket. Amazon S3 returns the current access control list configuration in the response, which the example stores in data; the individual grants are in data.Grants.

// Import required AWS SDK clients and commands for Node.js.
import { GetBucketAclCommand } from "@aws-sdk/client-s3";
import { s3Client } from "./libs/s3Client.js"; // Helper function that creates an Amazon S3 service client module.

// Create the parameters.
export const bucketParams = { Bucket: "BUCKET_NAME" };

export const run = async () => {
  try {
    const data = await s3Client.send(new GetBucketAclCommand(bucketParams));
    console.log("Success", data.Grants);
    return data; // For unit tests.
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.

node s3_getbucketacl.js

This sample code can be found here on GitHub.
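
The grants returned in data.Grants can be reviewed programmatically for entries that expose the bucket. The following is an added example, not part of the original sample code: the function name auditBucketAcl, the severity labels and the sample response are assumptions made for illustration, and the response shape (Owner, Grants, Grantee, Permission) is the one GetBucketAclCommand returns.

```javascript
// Predefined Amazon S3 group URIs that make a grant public.
const PUBLIC_GROUPS = new Map([
  ["http://acs.amazonaws.com/groups/global/AllUsers", "anyone, including anonymous requests"],
  ["http://acs.amazonaws.com/groups/global/AuthenticatedUsers", "any authenticated AWS account"],
]);
const LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery";
// Permissions that let the grantee change bucket contents or the ACL itself.
const MUTATING = new Set(["WRITE", "WRITE_ACP", "FULL_CONTROL"]);

// Classify each grant in a GetBucketAcl response ({ Owner, Grants }).
function auditBucketAcl(acl) {
  const ownerId = acl.Owner ? acl.Owner.ID : undefined;
  const findings = [];
  for (const grant of acl.Grants || []) {
    const g = grant.Grantee || {};
    const mutating = MUTATING.has(grant.Permission);
    let severity, reason;
    if (g.Type === "Group" && PUBLIC_GROUPS.has(g.URI)) {
      severity = mutating ? "critical" : "high";
      reason = `granted to ${PUBLIC_GROUPS.get(g.URI)}`;
    } else if (g.Type === "Group" && g.URI === LOG_DELIVERY) {
      continue; // expected on a bucket that receives server access logs
    } else if (g.Type === "CanonicalUser" && g.ID === ownerId) {
      continue; // the bucket owner's own grant
    } else {
      severity = mutating ? "medium" : "low";
      reason = "granted to a principal other than the bucket owner";
    }
    findings.push({
      severity, reason, permission: grant.Permission,
      grantee: g.URI || g.ID || g.EmailAddress || "unknown",
    });
  }
  return findings;
}

// Constructed sample response; the IDs are placeholders, not real account data.
const sampleAcl = {
  Owner: { ID: "OWNER_ID_PLACEHOLDER" },
  Grants: [
    { Grantee: { Type: "CanonicalUser", ID: "OWNER_ID_PLACEHOLDER" }, Permission: "FULL_CONTROL" },
    { Grantee: { Type: "Group", URI: "http://acs.amazonaws.com/groups/global/AllUsers" }, Permission: "READ" },
    { Grantee: { Type: "Group", URI: "http://acs.amazonaws.com/groups/s3/LogDelivery" }, Permission: "WRITE" },
    { Grantee: { Type: "CanonicalUser", ID: "OTHER_ID_PLACEHOLDER" }, Permission: "WRITE_ACP" },
  ],
};
console.log(auditBucketAcl(sampleAcl));
```

To use it with the module above, pass the object returned by run() to auditBucketAcl.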

Attaching Access Control List permissions to an Amazon S3 bucket

Create a libs directory, and create a Node.js module with the file name s3Client.js. Copy and paste the code below into it, which creates the Amazon S3 client object. Replace REGION with your Amazon region.

// Create service client module using ES6 syntax.
import { S3Client } from "@aws-sdk/client-s3";
// Set the AWS Region.
const REGION = "us-east-1";
// Create an Amazon S3 service client object.
const s3Client = new S3Client({ region: REGION });
export { s3Client };

This code is available here on GitHub.

Create a Node.js module with the file name s3_putbucketacl.js. Make sure to configure the SDK as previously shown, including installing the required clients and packages.

Replace BUCKET_NAME with the name of the Amazon S3 bucket. Replace GRANTEE_1 and GRANTEE_2 with the users to whom you want to grant the respective access control permissions.

// Import required AWS SDK clients and commands for Node.js.
import { PutBucketAclCommand } from "@aws-sdk/client-s3";
import { s3Client } from "./libs/s3Client.js"; // Helper function that creates an Amazon S3 service client module.

// Set the parameters. For more information,
// see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#putBucketAcl-property.
export const bucketParams = {
  Bucket: "BUCKET_NAME",
  // 'GrantFullControl' allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
  // Use a canonical user ID for an AWS account, formatted as follows:
  // id=002160194XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXa7a49125274
  GrantFullControl: "GRANTEE_1",
  // 'GrantWrite' allows grantee to create, overwrite, and delete any object in the bucket.
  // For example, 'uri=http://acs.amazonaws.com/groups/s3/LogDelivery'
  GrantWrite: "GRANTEE_2",
};

export const run = async () => {
  try {
    const data = await s3Client.send(new PutBucketAclCommand(bucketParams));
    console.log("Success, permissions added to bucket", data);
    return data; // For unit tests.
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.

node s3_putbucketacl.js

This sample code can be found here on GitHub.
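
The grantee strings described in the code comments above (id=..., uri=...) can be checked before the request is sent, so that an unreplaced placeholder or an unintended group grant is caught locally. The following is an added example, not part of the original sample code: the names parseGrantees and checkAclParams and the allow list of group URIs are assumptions that stand in for a local policy.

```javascript
// Each Grant* parameter takes comma-separated "type=value" pairs.
const GRANTEE_TYPES = new Set(["id", "uri", "emailAddress"]);
const GRANT_KEYS = ["GrantFullControl", "GrantRead", "GrantReadACP", "GrantWrite", "GrantWriteACP"];
// Assumption: the only group this deployment intends to grant to.
const ALLOWED_GROUP_URIS = new Set(["http://acs.amazonaws.com/groups/s3/LogDelivery"]);

// Split one Grant* string into { type, value } entries; quotes around values are optional.
function parseGrantees(value) {
  return value.split(",").map((part) => {
    const eq = part.indexOf("=");
    if (eq === -1) return { type: null, value: part.trim() };
    return {
      type: part.slice(0, eq).trim(),
      value: part.slice(eq + 1).trim().replace(/^"(.*)"$/, "$1"),
    };
  });
}

// Return a list of problems found in PutBucketAcl parameters; empty means none found.
function checkAclParams(params) {
  const problems = [];
  for (const key of GRANT_KEYS) {
    if (params[key] === undefined) continue;
    for (const { type, value } of parseGrantees(params[key])) {
      if (!GRANTEE_TYPES.has(type)) {
        problems.push(`${key}: "${value}" is not in type=value form (id, uri or emailAddress)`);
      } else if (type === "uri" && !ALLOWED_GROUP_URIS.has(value)) {
        problems.push(`${key}: group ${value} is not on the allow list`);
      } else if (value === "") {
        problems.push(`${key}: empty ${type}`);
      }
    }
  }
  return problems;
}

// Constructed sample: the first grantee is still the page's unreplaced placeholder.
const sampleParams = {
  Bucket: "BUCKET_NAME",
  GrantFullControl: "GRANTEE_1",
  GrantWrite: "uri=http://acs.amazonaws.com/groups/s3/LogDelivery",
};
console.log(checkAclParams(sampleParams));
```

In s3_putbucketacl.js, the check would run on bucketParams before s3Client.send is called, with the request skipped when the returned list is not empty.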