A common use case for S3 buckets is to act as the backend for a CDN or some kind of caching service. Here’s how to make files inside your Scaleway S3 bucket visible with or without allowing file listing using Minio’s mc client.

While creating a new bucket you will be asked if you want to make it public or not, this can be a little bit confusing if you’re used to other object storage providers like OVH’s. In reality it only sets the visibility of the bucket file listing not the actual files. In this example our bucket will serve static assets for a website so I have no reason to make file listing available to the public.

Minio CLI (mc)

Make sure your S3 endpoint is registered :

mc alias set s3 https://s3.<region>.scw.cloud <access-key> <secret-key> --api S3v4

Create a new policy.json file :

If you want to grant access only to a subdirectory replace the your-container/* by your-container/dir/*

{
    "Version": "2012-10-17",
    "Id":"PublicDownloadPolicy",
    "Statement": [
        {
            "Sid": "Grant GET to everyone",
            "Effect":"Allow",
            "Principal":"*",
            "Action":[
                "s3:GetObject"
            ],
            "Resource":[
                "your-container/*"
            ]
        }
    ]
}

And finally, apply it :

$ mc policy set-json policy.json "s3/your-container"
Access permission for `s3/your-container` is set from `policy.json`

And you’re done. You can now access the files inside the container using its public URL (https://your-container.s3.<region>.scw.cloud/).