Hey guys,

tl;dr - Is there a robust S3 ACL management tool, possibly for use with CloudFront?

I'm working on a personal private content distribution (via CloudFront) but obviously the AWS Console is severely lacking in this regard.

I know there are a handful of S3 clients out there, but none of them really do much for advanced ACL. To avoid having to use the AWS cli tools or to write wrappers for the API for everything (this is for configuring long-term systems, not for anything that would need to be done programmatically), I'm looking for one that has the best ACL support.

OR, if anyone has suggestions for managing CloudFront and custom ACLs (specifically for adding canonical user IDs/OriginAccessIdentities to buckets), I'm totally open to that too.

On a side note, the AWS docs mention the following:

Once you have a private content distribution, you must grant your CloudFront origin access identity read access to the private content. You do this by modifying the Amazon S3 ACL on each of the objects (not on the bucket).

which seems, er, exceptionally hard to maintain for a system that could potentially be used as swap (sic) storage for protected assets and modified on a regular basis (tens+ of times per day). Am I misreading that, or is it really intended to be that static and explicit?

A: 

Hi,

I suggest that you try CloudBerry Explorer freeware. It has full support for managing S3 and CloudFront including Private Content and Streaming distributions as well as new features such as content invalidation and root object support.

Also, I'd like to mention that the best way to grant read permissions to Origin Access Identity is to use Amazon S3 Bucket Policy. Check out our blog post on how it works.

cloudberryman
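The bucket-policy approach mentioned in the answer above, sketched as an added example (not code from this thread or from the blog post it refers to): one policy statement covers every object in the bucket, so objects uploaded later need no per-object ACL change. The bucket name, OAI ID and the `audit` helper are assumptions made for illustration; `audit` only recognises the ARN form of the OAI principal.

```python
import json

# Constructed placeholders: substitute your own bucket name and OAI ID.
BUCKET = "example-private-assets"
OAI_ID = "EXAMPLEOAIID"
ARN_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "


def oai_read_policy(bucket, oai_id):
    """Bucket policy letting one CloudFront OAI read every object in the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": ARN_PREFIX + oai_id},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def audit(policy, bucket, oai_id):
    """Return findings for Allow statements that go beyond OAI-only object reads."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = aws if isinstance(aws, list) else [aws]
        if any(p != ARN_PREFIX + oai_id for p in principals):
            findings.append(f"{sid}: principal other than the OAI: {principals}")
        actions = st.get("Action")
        actions = actions if isinstance(actions, list) else [actions]
        if actions != ["s3:GetObject"]:
            findings.append(f"{sid}: actions broader than s3:GetObject: {actions}")
        resources = st.get("Resource")
        resources = resources if isinstance(resources, list) else [resources]
        if resources != [f"arn:aws:s3:::{bucket}/*"]:
            findings.append(f"{sid}: unexpected resource: {resources}")
    return findings


if __name__ == "__main__":
    print(json.dumps(oai_read_policy(BUCKET, OAI_ID), indent=2))
```

The printed JSON can be saved to a file and applied with `aws s3api put-bucket-policy --bucket <bucket> --policy file://policy.json`; running `audit` over a bucket's existing policy before replacing it shows any statement that grants more than OAI-only reads.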
A: 

Thanks for the suggestions, but I can't use those (Mac - didn't mention, not your fault). I ended up going with Bucket Explorer, FWIW.

mway