Hi,

I have a bucket that I don't want to become 100% public, but I'd love to use this snippet in one of the directories.

I've tried "Resource": "arn:aws:s3:::mybucket/subfolder/*" but it didn't work. The AJAX request ends up in a 403 Forbidden. Any tips?

The object 'list.html' needs to be accessible, so you should also add "arn:aws:s3:::mybucket/list.html" in the resources. You should get something like:

         {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::mybucket/subfolder/*",
                "arn:aws:s3:::mybucket/list.html"
            ]
         }

Then you should be able to access the page. The bad news is that all the content in the bucket will be listed but the good news is that only the objects in the subfolder will be accessible. I didn't find a way to list only the content of the subfolder. Because of the way the script is getting the list, it may not be possible to list only the content of the subfolder.

I tried to restrict the listing permissions to the subfolder by removing the permission to list everything and adding this permission:

        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mybucket",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "subfolder/*"
                    ]
                }
            }
        }

but then the script can't get any listing...