0

I have deployed MinIO on my server and configured two URLs for access:

  1. minio.example.com - MinIO API
  2. minio-admin.example.com - MinIO Console (UI)

I have set policies for my buckets (readonly policy for / path ) and everything works as expected for the MinIO API URL. However, when accessing the MinIO Console URL, I can see the entire structure of my buckets and all files without any authentication.

When accessing minio.example.com/browser/my-bucket, I get the following error message (what I want to achieve for the second URL as well):

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied.</Message>
<Key>test</Key>
<BucketName>browser</BucketName>
<Resource>/browser/my-bucket</Resource>
<RequestId>17E051413F91E8A2</RequestId>
<HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId>
</Error>

However, when accessing minio-admin.example.com/browser/my-bucket, I can see the complete list of all files in my bucket

Are there any ways to achieve this goal other than setting basic auth for the second URL?

I can set basic auth in my proxy, but I don't really like this option. Maybe there are other ways?

Improve this question

1 Answer 1

Reset to default
0

I found the answer. You can set custom anonymous poicy with mc anonymous set-json <your-policy.json> <your-bucket>, so I created the following file:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}

...and set it as the anonymous policy for all my buckets

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.