Anonymous S3 access

[jmajoor]

I would like to have anonymous access to S3. In my scenario access is authorized through VPC policies and doesn't require signed requests. However the software will automatically sign the AWS request even if I don't specify access keys.

Would it be possible to support anonymous S3 calls (ie. without the AWS signature)

[aloneguid]

is there a link documentation describing this sort of access? I've never tried.

[jmajoor]

The briefly mention it here: https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html

The basically state: Requests to Amazon S3 can be authenticated or anonymous. Then go on that authenticated requests require signing.

If you don't place any headers and no request signing, then it is anonymous.

There is also some information about S3 being accessed this way. https://repost.aws/knowledge-center/s3-private-connection-no-authentication

We have a container that needs access to a S3 bucket and we don't want anybody to know about access keys and secrets when deploying the container. The container is deployed in K8S on a certain VPC and we then setup policies that allow access to these buckets from that VPC.

I can try to find more information on this if need be.

[aloneguid]

You should be able to turn off authentication, just don't sign the outgoing request.

[jmajoor]

Correct, but the S3AuthHandler will always sign the request. So how do I "just don't sign the request" with the current API? Would it be possible for the S3AuthHandler to check whether a null/empty access id/secret is provided and then omit signing the request?

[aloneguid]

Unfortunately I can't get a service that accepts no auth to test this. If you can provide this or raise a pr it would be great.

[aloneguid]

Closing as there seems to be no interest in this. The only use case I found that does not require authentication is downloading files via http(s), which does not need any library.