๐ŸŒ AWS S3 Bucket Policy Documentation ๐ŸŒ

Pranavan SudhaharPranavan Sudhahar
3 min read

๐Ÿ“š Overview

This documentation will guide you through the steps to create an Amazon S3 bucket policy that allows public access to objects within the bucket. This is particularly useful when you need to make files, such as images, publicly accessible via a URL.

๐Ÿ”ง Prerequisites

  • An AWS account with access to the S3 service.

  • A bucket in Amazon S3 with objects that you want to make publicly accessible.

๐Ÿ“ Steps to Create a Public S3 Bucket Policy

Step 1: โœ… Allow Public Access to the Bucket

  1. Navigate to the S3 service in the AWS Management Console.

  2. Select the bucket you want to make public.

  3. Go to the Permissions tab.

  4. Under Block public access (bucket settings), click Edit.

  5. Uncheck all the options to allow public access:

    • Block all public access

    • Block public access to buckets and objects granted through new access control lists (ACLs)

    • Block public access to buckets and objects granted through any access control lists (ACLs)

    • Block public access to buckets and objects granted through new public bucket or access point policies

    • Block public and cross-account access to buckets and objects through any public bucket or access point policies

  6. Confirm that you understand the risks by typing "confirm" in the provided field.

  7. Click Save changes.

Step 2: ๐Ÿ› ๏ธ Create a Bucket Policy

  1. Still in the Permissions tab, scroll down to Bucket policy.

  2. Click Edit to add a new policy.

  3. Use the AWS Policy Generator to create your policy:

    • Go to the AWS Policy Generator.

    • Select S3 Bucket Policy as the policy type.

    • Set Effect to Allow.

    • In the Principal field, enter * to allow access from any user.

    • For Actions, select GetObject to allow read access to the objects.

    • In the Amazon Resource Name (ARN) field, enter your bucket's ARN followed by /* to apply the policy to all objects within the bucket.

      • Example ARN format: arn:aws:s3:::your-bucket-name/*

  4. Click Add Statement and then Generate Policy.

  5. Copy the generated policy JSON.

Step 3: ๐Ÿ“‹ Apply the Policy to the Bucket

  1. Go back to the Bucket policy editor in the S3 console.

  2. Paste the copied policy JSON into the editor.

  3. Ensure there are no extra spaces or errors in the policy.

  4. Click Save changes.

๐Ÿ“ Example Policy

Here is an example of a policy that makes all objects in a bucket publicly accessible:

jsonCopy code{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}

โœ… Verification

  1. Go to the Objects tab in your S3 bucket.

  2. Select an object (e.g., coffee.jpg).

  3. Under Object URL, copy the provided URL.

  4. Open a new browser tab and paste the URL.

  5. The object should now be accessible publicly, and you should see the file (e.g., the image) displayed.

๐ŸŽ‰ Conclusion

By following these steps, you have successfully configured your S3 bucket to allow public access to its objects. Be cautious when making data publicly accessible to avoid unintended data exposure.

โš ๏ธ Note

Making an S3 bucket public should be done with caution, especially when dealing with sensitive or private data. Always ensure that public access is necessary for your use case to avoid potential data leaks.

0
Subscribe to my newsletter

Read articles from Pranavan Sudhahar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

s3-bucket policyAWSCloudCloud ComputingS3-bucketCloud Servicescloudformationcloud nativeAWS Certified Solutions Architect Associatebucketpoliciess3bucket

Written by

Pranavan Sudhahar
Pranavan Sudhahar