How to Make an AWS S3 Object Publicly Available
Introduction
Amazon Simple Storage Service, also known as S3, is a widely used object storage service across various industries for storing, managing, analyzing, and protecting data. S3 provides the concept of buckets, where different objects can be stored.
By default, S3 buckets and the objects within them are protected and not publicly accessible over the internet. However, there are instances where an object needs to be exposed publicly for certain use cases. In this article, we will explore how to configure S3 objects to be accessible over the internet using the AWS Management Console, which is the easiest method.
Prerequisites
- AWS Account Setup: You will need an active AWS account.
- Basic Understanding of AWS S3: Familiarity with S3 is helpful. You can learn more here.
Let’s go!!!
Step-by-Step Guide
1. Creating an S3 Bucket
Let’s start by creating an S3 bucket. Log in to the AWS Management Console and navigate to the S3 service under the Storage category in the Services menu.
On the S3 page, click on the “Create bucket” button to initiate the process.
You will be taken to the Create Bucket view. Here, we’ll create a general-purpose bucket. Enter a unique bucket name, keeping in mind that it must adhere to certain naming conventions. You can learn more about these rules here. Leave the other settings at their default values, and click “Create bucket” at the bottom of the page to complete the creation.
Note — Some settings on the Create Bucket page can be configured at this stage to enable public access to objects. However, we’ll leave these settings at their defaults for now, so we can modify them later. This approach is helpful for those who want to make objects public in their existing S3 buckets.
2. Uploading an Object to the S3 Bucket
Now, let’s upload an object to our newly created bucket. Start by navigating into the bucket by clicking on its name.
Next, click on the “Upload” button to begin uploading a file.
You’ll be taken to the Upload view. Click the “Add files” button to select a file from your computer, or simply drag and drop the file into the window. In this example, I’ll be uploading an image from my computer.
To complete the upload process, click the “Upload” button at the bottom. We will not be modifying any settings at this stage.
Once the upload is complete, click on the name of the uploaded object to view its details. In the Object Overview section, you’ll see the Object URL.
However, if you try to access the object using this URL over the internet, you will encounter an “AccessDenied” error message. This occurs because the object is not yet publicly available.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>69PNS08Y5BDMF4HS</RequestId>
<HostId>MkP2eMgOtd694uYRc6NBt8fbHqIb/337uwi4Wte2Fw3jZ9s7w1Z6OP2hmVBUXDUMX81O5/tjshE=</HostId>
</Error>Next, we’ll configure the object to make it publicly accessible.
3. Configuring Bucket Permissions
First, we need to configure the bucket’s permissions. Navigate to the bucket and click on the Permissions tab. You’ll find the Block public access (bucket settings) section. Since we kept the bucket settings at their default, the Block all public access option will be enabled.
Click the “Edit” button to modify this setting. Untick the Block all public access checkbox and save the changes.
Next, in the same Permissions tab, locate the Object Ownership section. At this point, ownership is set to Bucket owner enforced because we used the default settings during bucket creation.
Click “Edit” to modify the Object Ownership settings. Select the ACLs enabled option and save the changes. You may need to acknowledge the warnings provided at this stage.
Read more on ACL (Access Control List) here.
With the bucket settings updated, we can now proceed to change the object permissions.
4. Setting Object Permissions
As a best practice, it’s important to make only the necessary objects public. Let’s make the object we uploaded public. Navigate to the object and go to the Permissions tab.
In the Permissions tab, you’ll find the Access control list (ACL) section. Click on “Edit” to modify the ACL.
To make the object publicly accessible, enable public read access by selecting the Read checkbox in the Everyone row, under the Objects column in the ACL.
Also, check the box to acknowledge the impact of the changes you’ve made. Finally, click “Save changes” to apply the ACL settings.
5. Accessing the Public Object
With the configuration complete to make the object publicly accessible, let’s verify that it can be accessed over the internet. Use the Object URL you tried earlier.
Paste the Object URL into your browser’s address bar and press Enter. You should now be able to view the object (the image you uploaded) successfully.
Best Practices
Since we’ve completed our objective of making an S3 object public, it’s important to consider some best practices. Prioritize security by ensuring that only necessary objects are made publicly accessible to reduce the risk of exposing sensitive data.
Limit public access to specific objects rather than granting broad access to entire buckets. This helps to contain potential security issues and ensures that only the intended content is available to the public.
Regularly review and update your bucket policies and access controls. As security needs and organizational requirements evolve, keeping your policies current is essential for maintaining security and compliance. Regular reviews help ensure that your S3 buckets remain secure and that access settings are aligned with your current needs.
Read more on S3 best practices here.
Conclusion
In this article, we’ve walked through the steps to make an S3 object publicly accessible using the AWS Management Console. By following these procedures, you can ensure that your objects are available over the internet as needed.
Remember, you can apply the same configurations to make existing objects in existing S3 buckets public. Just follow the same steps to adjust permissions and access settings as required. By adhering to best practices, you can maintain control over your data while making it available to the public.
