From c5354e75d1205a82a93fd30868e1f5602161ade9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chlo=C3=A9=20Vulquin?= <code@toast.bunkerlabs.net>
Date: Wed, 14 Jan 2026 22:16:43 +0100
Subject: initial import

---
 bucket/README.md      | 17 +++++++++++++++++
 bucket/fetchonly.json | 15 +++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 bucket/README.md
 create mode 100644 bucket/fetchonly.json

(limited to 'bucket')

diff --git a/bucket/README.md b/bucket/README.md
new file mode 100644
index 0000000..0b2e313
--- /dev/null
+++ b/bucket/README.md
@@ -0,0 +1,17 @@
+# Bucket Policies
+Bucket policies apply to buckets and determine the read/write access to them.
+This is especially useful for allowing anonymous access of various kinds.
+
+## Policies
+The following policies are available:
+
+* fetchonly.json: Similar to ReadOnly in that it allows fetching any object in the bucket anonymously.
+  The difference is that it does not allow *listing* bucket objects,
+  meaning that the object name must be known ahead of time.
+
+## Using
+Apply these policies as so:
+
+1. Download the file.
+2. Edit the file, replacing BUCKETNAME with the name of your bucket.
+3. `mcli policy set-json ./FILE.json MYMINIO/BUCKETNAME`
diff --git a/bucket/fetchonly.json b/bucket/fetchonly.json
new file mode 100644
index 0000000..42b92da
--- /dev/null
+++ b/bucket/fetchonly.json
@@ -0,0 +1,15 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::BUCKETNAME/*"
+    }
+  ]
+}
-- 
cgit v1.2.3