0
0
AwsHow-ToBeginner · 4 min read

How to Make an S3 Bucket Public: Step-by-Step Guide

To make an S3 bucket public, you must update its Bucket Policy to allow public read access and disable Block Public Access settings. This lets anyone view the bucket's contents via a URL.
📐

Syntax

The main way to make an S3 bucket public is by setting a Bucket Policy with a JSON document that grants "s3:GetObject" permission to "Principal": "*". You also need to disable the Block Public Access settings on the bucket to allow public access.

Key parts of the policy:

  • Effect: "Allow" to permit access.
  • Principal: "*" means anyone on the internet.
  • Action: "s3:GetObject" allows reading objects.
  • Resource: specifies the bucket and all objects inside it.
json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}
💻

Example

This example shows a complete bucket policy that makes all objects in the bucket publicly readable. Replace your-bucket-name with your actual bucket name. Also, ensure you disable the Block Public Access settings in the AWS S3 console for this bucket.

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}
Output
Policy applied successfully. Bucket objects are now publicly readable via URLs like https://your-bucket-name.s3.amazonaws.com/object-key
⚠️

Common Pitfalls

  • Not disabling Block Public Access settings will block public access even if the bucket policy allows it.
  • Using the wrong Resource ARN, such as missing the trailing /*, will not grant access to objects inside the bucket.
  • Granting "s3:ListBucket" permission publicly can expose the list of all objects, which is often not desired.
  • Making buckets public can expose sensitive data; always review what you share.
json
Wrong policy example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name"
    }
  ]
}

Right policy example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}
📊

Quick Reference

Summary tips for making an S3 bucket public:

  • Set a bucket policy granting s3:GetObject to Principal: "*".
  • Disable all Block Public Access settings on the bucket.
  • Do not grant s3:ListBucket unless you want to expose the object list.
  • Test public access by opening an object URL in a browser.
  • Review bucket contents carefully before making public.

Key Takeaways

Make S3 buckets public by adding a bucket policy with s3:GetObject permission for everyone.
Always disable Block Public Access settings to allow public access.
Use the correct resource ARN with /* to cover all objects inside the bucket.
Avoid exposing sensitive data by reviewing bucket contents before making public.
Test public access by accessing object URLs after policy changes.

Related by keyword

How to Configure AWS CLI: Step-by-Step GuideGetting StartedHow to Create AWS Account: Step-by-Step GuideGetting StartedHow to Install AWS CLI: Step-by-Step GuideGetting StartedHow to Create IAM Group in AWS: Step-by-Step GuideIAMHow to Create IAM Policy in AWS: Step-by-Step GuideIAM

Up next

What is Placement Group in EC2: Explanation and Use CasesAWS Spot Instance: What It Is and How It WorksHow to Create AWS Lambda Function: Simple StepsHow to Create AWS Lambda Layer: Step-by-Step Guide

More in S3

ACL vs Bucket Policy in S3: Key Differences and Usage GuideHow to Create an S3 Bucket in AWS: Simple StepsHow to Delete a File from AWS S3 Bucket EasilyHow to Delete an S3 Bucket in AWS: Simple Steps