How can we make an S3 bucket public?

0
1531

Amazon S3 buckets are by default private to avoid accidental exposure of personal data by everyone. But it is possible to make an S3 bucket public even if it has already been created as private. Basically two steps are required. Also, you have option to make a very new bucket public almost in the same way.

  • Enable appropriate public access settings
  • Attach corresponding bucket policies

Steps to make an S3 bucket public

For enabling appropriate public access settings:

1. Sign in to Amazon Web Services and go to your S3 Management Console.

2. You will see the list of all buckets in your Amazon S3. In this list, the bucket mustafagonen.com is open to public access. But the bucket www.example-public-website.com and also its objects are not shared publicly. So let’s click on this bucket and get into it to make it public.

List of all buckets in Amazon S3
List of all buckets in Amazon S3

3. We go to the Permissions tab to change it. 

Bucket permission settings
Bucket permission settings

4. Then we will go to “Block public access (bucket settings)” section and click on Edit.

Bucket settings
Bucket settings

5. Just uncheck the “Block all public access” option, and then click the Save button.

Edit block public access
Edit block public access

So far, what we have done is not enough to make the S3 bucket public. We just unblocked public access. Now we move on to the second phase. To attach a bucket policy. Thus users will be able to access the S3 bucket and perform actions such as reading and writing on prefixes and objects (depending on the attachment policy).

For attaching corresponding bucket policies:

1. Follow the same first three steps above. From the bucket list, click on the bucket name again. Select the Permissions tab again, but this time go to the Bucket Policy section. Click on Edit button which opens the Bucket Policy Editor.

Bucket policy
Bucket policy

2. You can copy and paste the policy statement below into the editor—this statement grant read-only permission to an anonymous user. DO NOT FORGET!!! >>>Change “www.example-public-website.com” to YOUR BUCKET NAME.<<<

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"PublicRead",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject","s3:GetObjectVersion"],
      "Resource":["arn:aws:s3:::www.example-public-website.com/*"]
    }
  ]
}

You can find more examples by clicking on Policy examples, and you can choose and use the one that suits your needs. Finally, don’t forget to click the Save button at the bottom.

Bucket policy editor
Bucket policy editor

You will see more or less the following screen. The green box on the top states that you have successfully edited your Bucket policy. Also, In the “Permission overview” section, the status appears as “Public” now.

Bucket policy edited successfully
Bucket policy edited successfully

Conclusion

To make an S3 bucket public is not a rocket science. Today, we made the private S3 bucket public using the AWS Console. Making an S3 bucket public is also possible via AWS CLI, SDK, or REST API. Which method do you prefer more often? Please comment on it.

Thanks.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.