Make Files Uploaded by SMTP to S3 Public

Question

I'm using cloudmailin.com to upload attachments from emails to an S3 bucket. The bucket itself has public settings, but I am unable to access the uploaded data from the data's link as S3 apparently doesn't make files uploaded by other users public.

Currently, I'm using the bucket policy below, which is supposed to make the bucket's contents public:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mjkaufer_cloudmailin/*"
        }
    ]
}

This only works if I manually upload something to S3. If I manually upload something, I can view the link and it can open in a new window. But if it's uploaded from cloudmailin, I'm unable to view the file.

Does anybody know a workaround? I just need to make it such that files uploaded to a bucket by a 3rd party (cloudmailin) are visible.

Thanks.

Answer 1

The problem is that as CloudMailin uploads your attachments to AWS S3 it needs to set the ACL permissions on them. AWS offers a couple of ‘canned permissions' for this. The only two that are really of interest to CloudMailin are the following:

• bucket-owner-full-control - this is what you’re currently set to, it grants the bucket owner full control over the uploaded attachment.
• public-read - this will grant you full control as the bucket owner but will also set read only privileges for everyone.

If you log into CloudMailin head to your address list and click ‘manage' on the address you need to edit. Then head to ‘Edit Attachment Store’ and select ‘Public Read’ then CloudMailin will set this canned policy as the email attachments are uploaded to S3.