Is your feature request related to a problem? Please describe.
When deploying to S3-compatible storage (MinIO, AWS S3, etc.), controlling per-prefix public access requires calling the PutBucketPolicy API. Modern S3 and MinIO have deprecated per-object ACLs in favour of bucket policies, making PutBucketPolicy the only reliable way to make a subset of objects (e.g. product/*) publicly accessible while keeping the rest of the bucket private. Currently there is no way to do this through the rust-s3 crate, forcing users to either spin up a sidecar tool.
Describe the solution you'd like
Add put_bucket_policy and optionally get_bucket_policy / delete_bucket_policy methods to Bucket, following the same pattern as existing bucket operations.
Describe alternatives you've considered
- Per-object ACLs (x-amz-acl: public-read on put_object): AWS S3 disabled ACLs by default on new buckets in 2023, and MinIO silently ignores x-amz-acl in modern releases. Not a portable solution.
- External init tooling: Using a minio/mc sidecar container or CLI script to call mc anonymous set download at startup. Works but couples infrastructure setup to an external tool rather than letting the application manage its own bucket configuration.
- aws-sdk-s3: Has put_bucket_policy but brings in the entire AWS SDK crate family, which is a disproportionate dependency for projects already using rust-s3.
- Manual reqwest + Sig V4: Possible since credentials are accessible via bucket.credentials(), but requires reimplementing signing logic that rust-s3 already has internally.
Additional context
The PutBucketPolicy S3 API is well-documented and supported by all major S3-compatible implementations including MinIO, Cloudflare R2, and Backblaze B2. Since the signing infrastructure is already present in the crate, this would be a relatively small addition with high practical value for anyone managing mixed public/private access patterns within a single bucket.
Is your feature request related to a problem? Please describe.
When deploying to S3-compatible storage (MinIO, AWS S3, etc.), controlling per-prefix public access requires calling the PutBucketPolicy API. Modern S3 and MinIO have deprecated per-object ACLs in favour of bucket policies, making PutBucketPolicy the only reliable way to make a subset of objects (e.g. product/*) publicly accessible while keeping the rest of the bucket private. Currently there is no way to do this through the rust-s3 crate, forcing users to either spin up a sidecar tool.
Describe the solution you'd like
Add put_bucket_policy and optionally get_bucket_policy / delete_bucket_policy methods to Bucket, following the same pattern as existing bucket operations.
Describe alternatives you've considered
Additional context
The PutBucketPolicy S3 API is well-documented and supported by all major S3-compatible implementations including MinIO, Cloudflare R2, and Backblaze B2. Since the signing infrastructure is already present in the crate, this would be a relatively small addition with high practical value for anyone managing mixed public/private access patterns within a single bucket.