๐ 03. S3 Bucket Policy Hands On
In this hands-on, weโll make an S3 bucket publicly accessible so that files (e.g., coffee.jpg) can be viewed via a public URL.
๐งฉ 01. Allow Public Accessโ
- Go to your S3 bucket โ Permissions tab.
- Under Block Public Access, click Edit.
- Untick all options that block public access.
- Confirm by clicking Save changes.
โ ๏ธ Only disable this if you intentionally want a public bucket (e.g., for static website hosting).
๐งฑ 02. Create a Bucket Policyโ
-
Scroll to Bucket Policy and click Edit Policy.
-
Use the AWS Policy Generator:
- Select Type: S3 Bucket Policy
- Effect: Allow
- Principal:
* - Action:
s3:GetObject - ARN:
arn:aws:s3:::your-bucket-name/*
-
Generate and copy the JSON.
๐งพ 03. Example Policyโ
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadAccess",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}
- Paste this JSON into the Bucket Policy Editor and Save changes.
- Ensure there are no extra spaces or syntax errors.
๐ 04. Verify Public Accessโ
- Go to Objects โ select your file (e.g.,
coffee.jpg). - Copy the Object URL.
- Open it in a browser.
โ If configured correctly, the image should display publicly.
๐ง Summaryโ
| Step | Action | Purpose |
|---|---|---|
| 1 | Disable Block Public Access | Allow public policies to work |
| 2 | Create Policy with Principal: * | Grant global read access |
| 3 | Apply Policy | Make bucket objects public |
| 4 | Test URL | Confirm accessibility |
๐ Result: Your coffee.jpg file (and other objects) are now publicly viewable via a direct S3 URL.