
I have deployed MinIO on my server and configured two URLs for access:

  1. minio.example.com - MinIO API
  2. minio-admin.example.com - MinIO Console (UI)

I have set policies for my buckets (readonly policy for / path) and everything works as expected for the MinIO API URL. However, when accessing the MinIO Console URL, I can see the entire structure of my buckets and all files without any authentication.

When accessing minio.example.com/browser/my-bucket, I get the following error message (what I want to achieve for the second URL as well):

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied.</Message>
<Key>test</Key>
<BucketName>browser</BucketName>
<Resource>/browser/my-bucket</Resource>
<RequestId>17E051413F91E8A2</RequestId>
<HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId>
</Error>

However, when accessing minio-admin.example.com/browser/my-bucket, I can see the complete list of all files in my bucket.

Are there any ways to achieve this goal other than setting basic auth for the second URL?

I can set basic auth in my proxy, but I don't really like this option. Maybe there are other ways?

1 Answer

I found the answer. You can set a custom anonymous policy with mc anonymous set-json <your-policy.json> <your-bucket>, so I created the following file:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}

...and set it as the anonymous policy for all my buckets.
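An added example, not part of the original answer: a small check that reports whether a bucket policy lets anonymous callers list a bucket's contents, which is useful before applying a policy with mc anonymous set-json. The first sample is the answer's policy (it grants only s3:GetObject); the second is constructed for comparison and assumes a read-only style policy that also grants s3:ListBucket. Function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Actions that let a caller enumerate what is stored in a bucket.
LISTING_ACTIONS = ("s3:ListBucket", "s3:ListBucketVersions")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*", {"AWS": "*"} and {"AWS": ["*"]} all mean "anyone, unauthenticated".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def anonymous_actions(policy_json):
    """Action patterns granted to anonymous callers by Allow statements.
    Deny statements are not evaluated; this is a review aid, not a policy engine."""
    policy = json.loads(policy_json)
    granted = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal")):
            granted.extend(_as_list(stmt.get("Action", [])))
    return granted

def allows_anonymous_listing(policy_json):
    """True if any anonymous Allow pattern (wildcards included) covers listing."""
    patterns = anonymous_actions(policy_json)
    return any(fnmatchcase(a, p) for a in LISTING_ACTIONS for p in patterns)

# Policy from the answer above.
ANSWER_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*"}]}"""

# Constructed sample: read-only style policy that also allows listing.
READONLY_STYLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": ["*"]},
   "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::my-bucket"]},
  {"Effect": "Allow", "Principal": {"AWS": ["*"]},
   "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::my-bucket/*"]}]}"""

if __name__ == "__main__":
    for name, doc in (("answer", ANSWER_POLICY), ("read-only style", READONLY_STYLE_POLICY)):
        print(name, "-> anonymous listing allowed:", allows_anonymous_listing(doc))
```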
