initial importminio

author: Chloé Vulquin <code@toast.bunkerlabs.net> 2026-01-14 22:16:43 +0100
committer: Chloé Vulquin <code@toast.bunkerlabs.net> 2026-01-15 06:49:14 +0100
commit: c5354e75d1205a82a93fd30868e1f5602161ade9 (patch)
tree: d6ee1ff12100f35c5b2998fc5d1a80ff07656c3b /bucket
2 files changed, 32 insertions, 0 deletions
diff --git a/bucket/README.md b/bucket/README.md
new file mode 100644
index 0000000..0b2e313
--- /dev/null
+++ b/bucket/README.md
@@ -0,0 +1,17 @@
+# Bucket Policies
+Bucket policies apply to buckets and determine the read/write access to them.
+This is especially useful for allowing anonymous access of various kinds.
+
+## Policies
+The following policies are available:
+
+* fetchonly.json: Similar to ReadOnly in that it allows fetching any object in the bucket anonymously.
+  The difference is that it does not allow *listing* bucket objects,
+  meaning that the object name must be known ahead of time.
+
+## Using
+Apply these policies as so:
+
+1. Download the file.
+2. Edit the file, replacing BUCKETNAME with the name of your bucket.
+3. `mcli policy set-json ./FILE.json MYMINIO/BUCKETNAME`
diff --git a/bucket/fetchonly.json b/bucket/fetchonly.json
new file mode 100644
index 0000000..42b92da
--- /dev/null
+++ b/bucket/fetchonly.json
@@ -0,0 +1,15 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::BUCKETNAME/*"
+    }
+  ]
+}
author	Chloé Vulquin <code@toast.bunkerlabs.net>	2026-01-14 22:16:43 +0100
committer	Chloé Vulquin <code@toast.bunkerlabs.net>	2026-01-15 06:49:14 +0100
commit	c5354e75d1205a82a93fd30868e1f5602161ade9 (patch)
tree	d6ee1ff12100f35c5b2998fc5d1a80ff07656c3b /bucket