Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


amazon web services - I get an invalid JSON error when I try to add a read access policy in the S3 permission tab

I am new to AWS. I created an S3 bucket (public) where I stored all my images, which I want to show on my front-end page. But when I try to show them on the front-end page with the S3 object URL, I get a 403 Forbidden error.

I googled and found an answer:

Angular 4 app on S3 denied access after redirect

The guy there says that we should add a read access policy in the Permissions tab.

So I did exactly what he said, but when I paste this object, as he suggests, in the CORS tab

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::somename/*"]
    }
  ]
}

and click Save changes, I get the error

The CORS configuration must be written in valid JSON.

Why was this valid JSON in the past and now it is not? As I said, I am new to AWS and don't know how to fix this. Also, can someone tell me why, even though my S3 bucket is public, I can't access the objects inside publicly from my front end?

question from: https://stackoverflow.com/questions/65896625/i-get-invalid-json-error-when-i-try-to-add-read-access-policy-in-s3-permission-t


1 Answer


Based on the comments.

The JSON document in the question is a bucket policy, not CORS, and it should be added as explained in the docs.

The specific policy that you are using:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::somename/*"]
    }
  ]
}

has the following meaning. Also from the docs:

grants anonymous read permission on all objects in a bucket. The bucket policy has one statement, which allows the s3:GetObject action (read permission) on objects in a bucket named somename. By specifying the principal with a wild card (*), the policy grants anonymous access, and should be used carefully. For example, the following bucket policy would make objects publicly accessible.

Further explanation of this specific policy is given in:
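
Added example, not part of the answer above or of the AWS docs: a small Python check that tells a bucket policy from a CORS configuration by its shape and lists the statements that grant anonymous access. The function names and the sample CORS document (with its placeholder origin) are assumptions made for illustration; the policy is the one posted on this page.

```python
import json

# The bucket policy as posted on this page.
PAGE_POLICY = """{
  "Version":"2012-10-17",
  "Statement":[{"Sid":"AddPerm","Effect":"Allow","Principal":"*",
                "Action":["s3:GetObject"],
                "Resource":["arn:aws:s3:::somename/*"]}]
}"""

# Constructed sample of an S3 CORS configuration (placeholder origin).
SAMPLE_CORS = """[{"AllowedHeaders":["*"],"AllowedMethods":["GET"],
  "AllowedOrigins":["https://www.example.com"],"ExposeHeaders":[]}]"""

def as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def classify(text):
    """Return 'bucket-policy', 'cors', 'unknown' or 'invalid-json'."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return "invalid-json"
    if isinstance(doc, dict) and "Statement" in doc:
        return "bucket-policy"
    required = {"AllowedMethods", "AllowedOrigins"}  # mandatory in every CORS rule
    if isinstance(doc, list) and doc and all(
            isinstance(rule, dict) and required <= set(rule) for rule in doc):
        return "cors"
    return "unknown"

def is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean "anyone" in a resource-based policy.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def anonymous_grants(policy_text):
    """List (sid, action, resource, has_condition) for Allow statements open to everyone."""
    findings = []
    for st in as_list(json.loads(policy_text).get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        for action in as_list(st.get("Action", [])):
            for resource in as_list(st.get("Resource", [])):
                findings.append((st.get("Sid"), action, resource, "Condition" in st))
    return findings
```

The posted document parses as JSON and classifies as a bucket policy, which is why it belongs in the bucket policy editor rather than the CORS editor; `anonymous_grants` shows exactly which actions and resources it opens to everyone.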

