To make an S3 bucket publicly accessible without setting the ACL to public for every individual file or directory, you can configure a public Access Control List (ACL) policy directly at the bucket level using a JSON policy. This approach ensures that any object uploaded into the bucket can inherit the public permissions automatically, without needing manual configuration for each file or folder.
Disable "Block Public Access" Settings
When creating our S3 Bucket, you need to disable the "Block Public Access" settings for the bucket. These settings are enabled by default to prevent accidental exposure of your data. If you already have an S3 Bucket Go to the "Permissions" tab of your S3 bucket, scroll down until the section "Block public access" section, and turn off all the block options. This will allow the public ACL policy to take into action in the next step.
Set the Bucket Policy
Before setting our Public Access Policy, S3 bucket will return an error when trying to access a file or an image, below you will find an image with an explicit error when not having an ACL public policy or public ACL on the file.
After you had the "Block Public Access" disabled, it is time to create the bucket policy to allow public access to the objects, in your S3 bucket go to the "Permissions" tab and scroll down until section "Bucket Policy", click on edit button.
Below is a sample JSON policy that grants public read access to all files in the bucket. This policy allows anyone to list and read objects in the bucket but does not allow modifying or deleting them.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}
You can replace, in above policy, "your-bucket-name" with your actual S3 bucket name. The s3:GetObject action allows public users to read all the files and content in the bucket, while the /* at the end of the ARN ensures that all objects within the bucket are accessible.
Once created the policy, save it and apply it to your S3 bucket through the "Bucket Policy" editor clicking on "Save Changes" button. Once applied, any object uploaded into this bucket will inherit the public read access by default, without needing to configure individual file or folder permissions.
Once we have saved our Bucket Policy we can refresh above image and confirm, the policy had taken effect over the bucket's content.
By configuring this bucket policy, you simplify the management of public access, making it easier to share content from your S3 bucket while ensuring that every file automatically inherits the necessary public permissions.
