Make a bucket public in Amazon S3

Question

How can I set a bucket in Amazon S3 so all the files are publicly read-only by default?

I'm annoyed this question was flagged as off topic. AWS is critical for serious programmers. I would add u can use cli sync command with acl argument like this: `aws s3 sync ./local-folder-name s3://remote-bucket-name --acl=public-read` — John Vandivier, Feb 27 '19 at 19:29
This answer to a similar post may help: https://stackoverflow.com/a/23102551/475882 — jaxxbo, Apr 12 '19 at 01:12

score 524 · Accepted Answer · edited Apr 22 '22 at 07:58

524

You can set a bucket policy as detailed in this blog post:

http://ariejan.net/2010/12/24/public-readable-amazon-s3-bucket-policy/

As per @robbyt's suggestion, create a bucket policy with the following JSON:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}

Important: replace bucket in the Resource line with the name of your bucket.

edited Apr 22 '22 at 07:58

Akash Kumar Verma

3,185
2
16
32

answered Jan 17 '11 at 01:48

Intrications

16,782
9
50
50

When using official AWS CLI `arn:aws:s3:::bucket` also needs to be added to the `Resource` array. (So without the `/*`.) I hope this helps others who were struggling with this like me. – silvenon Feb 18 '15 at 16:03
My bad. This is needed only if you plan to `sync`, not just view the bucket. – silvenon Feb 18 '15 at 16:05
7

To support anonymous access through python's boto, in addition to setting this policy, I also had to grant `List` privilege to `Everyone` in the Properties > Permissions section of the bucket. – Chris Betti Jul 07 '15 at 19:33
what is the rule of writeing Version? I am using current date 2017-11-16, it reports:Error: The policy must contain a valid version string – Timothy.Li Nov 16 '17 at 10:11
1

@Timothy.Li did you remember to wrap it in quotes? `"2017-11-16",` – froggomad Feb 16 '18 at 14:22
I am getting Access denied when doing this. – Walter Monecke Feb 22 '19 at 16:39
https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html Refer this Documentation will help you to fix this – P_O_I_S_O_N Mar 05 '19 at 05:18
@WalterMonecke you might need to make your bucket public acl `aws s3api put-bucket-acl --acl public-read --bucket your-bucket` – Khaled AbuShqear Feb 24 '20 at 12:40
although this works but for some reason it makes the resourece download when clicking on it (intead of opening it in the browser) – insivika Sep 19 '20 at 19:21
For other noobs, "Version" is a specific AWS thing -- [see this answer](https://stackoverflow.com/questions/41291006/aws-policy-must-contain-valid-version-string). As of 2017, the options were `2012-10-17` and `2008-10-17`. – roshambo Jan 26 '23 at 16:14

score 61 · Answer 2 · edited Mar 04 '19 at 19:26

61

Amazon provides a policy generator tool:

https://awspolicygen.s3.amazonaws.com/policygen.html

After that, you can enter the policy requirements for the bucket on the AWS console:

https://console.aws.amazon.com/s3/home

edited Mar 04 '19 at 19:26

craft

2,017
1
21
30

answered Jun 08 '12 at 15:54

evaneus

759
6
9

this is official document of <> https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html – Timothy.Li Nov 16 '17 at 10:24
3

Great link. Syntax is so complex they had to write a generator for it. – timbo Jun 12 '19 at 23:41
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-2 – Guillaume Massé Nov 09 '20 at 07:45

Make a bucket public in Amazon S3

2 Answers2

Linked