Files in aws s3 bucket are not public after they are synced by aws cli

Question

How are you. I am syncing react.js web application build dir with aws s3 bucket. When I upload files inside build directory into s3 manually by entering amazon console ( https://s3.console.aws.amazon.com/ ), all the uploaded files are public so when I visit endpoint it shows website well (I am using s3 for static website hosting)

But if I sync this with aws cli

aws s3 sync build/ s3://mybucketnamehere --delete

I can see all uploaded new files in bucket, but those are all access denied so It gives me 403 error when I enter the site.

This is policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:DeleteObject",
                "s3:DeleteObjectTagging",
                "s3:DeleteObjectVersion",
                "s3:DeleteObjectVersionTagging",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::mybucketnamehere",
                "arn:aws:s3:::mybucketnamehere/*"
            ]
        }
    ]
}

What am I doing wrong?

Thanks

Answer 1

The right answer is: don't use S3 to serve your static files. You should set up a Cloudfront distribution to serve these files, as it gives you numerous advantages.

If for some reason you can't use Cloudfront, you can add --acl public-read to your command:

aws s3 sync build/ s3://mybucketnamehere --delete --acl public-read