Public (read)
Please note that in all examples, the Principal is * (everyone). So this sets the stage.
Access anything
You want to make files in your bucket "bucket-name.example.org" available to anyone on the Internet.
Before granting access to everyone, make sure to understand the implications. All files can be viewed/downloaded by anyone.
This is the simplest policy to implement:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": [
        "arn:aws:s3:::bucket-name.example.org/*",
        "arn:aws:s3:::bucket-name.example.org"
      ]
    }
  ]
}
Public access based on prefix
Make objects in a certain _folder_ available to anyone on the Internet.
Folders don't exist in the object storage; what we generally consider a folder or directory is part of the object's name. If you want to allow access to all objects (files) in a certain folder (prefix), see the following policy, which uses the prefix in the Resource:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::bucket-name.example.org/public/*"
      ]
    }
  ]
}
This would allow access to objects such as:
/public/terms.pdf
/public/case-study.pdf
But would not allow access to objects such as:
/super-secret.txt
/some/other/name.doc
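To check which object names a policy exposes before applying it, the following added example (not part of the original documentation) evaluates a policy for an anonymous request. It assumes standard S3 bucket-policy semantics, which your storage provider may implement differently; `anonymous_can_read` and its helpers are hypothetical names.

```python
import json
import re

BUCKET = "bucket-name.example.org"  # the page's example bucket
# The prefix policy from this section, embedded so the example runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                "Resource": ["arn:aws:s3:::bucket-name.example.org/public/*"]}]}
""")

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    # "*" and {"AWS": "*"} both mean anonymous/everyone.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _wild(pattern, value, flags=0):
    # Policy wildcards: "*" = any run of characters (including "/"), "?" = one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def anonymous_can_read(policy, bucket, path, action="s3:GetObject"):
    """True if an unauthenticated request for `path` would be allowed.

    Simplified evaluator (assumption): Condition, NotAction, NotResource and
    NotPrincipal are not evaluated. A conditional Allow counts as exposure and
    a conditional Deny is ignored, which errs toward reporting exposure.
    """
    arn = f"arn:aws:s3:::{bucket}/{path.removeprefix('/')}"
    allowed = False
    for st in _as_list(policy.get("Statement", [])):
        if not _is_everyone(st.get("Principal")):
            continue
        # Action names are matched case-insensitively, resource ARNs are not.
        if not any(_wild(a, action, re.I) for a in _as_list(st.get("Action", []))):
            continue
        if not any(_wild(r, arn) for r in _as_list(st.get("Resource", []))):
            continue
        if st.get("Effect") == "Deny" and "Condition" not in st:
            return False  # an explicit Deny overrides every Allow
        if st.get("Effect") == "Allow":
            allowed = True
    return allowed  # no matching Allow means the default (implicit) deny
```

Note that the Resource pattern ends in `/public/*`, so an object named `/publicity.txt` is not exposed; dropping the slash before `*` would change that.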