S3 Bucket Policy to make a specific sub folder public and everything else private?

Question

We currently have an S3 bucket policy which makes everything public.

At the moment we a bucket "bucket1" and inside there are numbered sub folders for each entry numbers 01 upwards (e.g. 01, 02, 03) and inside that always a folder called "128".

What we want to do is make the files in the 128 folders always public.

So we'd need something to allow "bucket1/*/128" and everything else only be accessible with a time stamped signature.

Presuming this is possible but wouldn't know how to create the statement.

Answer 1

I've done it!

I was trying all kinds of long-winded over-thought methods to try and accomplish this including the little known "not resource" when all I needed to do was take the default "allow all" policy and apply it to my specified sub-folders!

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKETNAME/*/128/*"
        }
    ]
}

Note: Edited the resource name.

Answer 2

This seems to be blocked now..

This bucket has public access You have provided public access to this bucket. We highly recommend that you never grant any kind of public access to your S3 bucket.