How to Allow Public Access to an Amazon S3 Bucket & Find S3 URLs

If you’re using an Amazon S3 bucket to share files, you’ll first need to make those files public. If you don’t, when your users try to access the URL they’ll get an Access Denied error. Here’s how to fix it.

Amazon Web Services logo
Amazon Web Services logo
Last Updated:
Filed Under: Web

This post may include affiliate links. Read more.

If you’re using an Amazon S3 bucket to share files with anyone else, you’ll first need to make those files public. Maybe you’re sending download links to someone, trying to share photos with a client, or perhaps you’re using S3 for static files for your website or as a content delivery network (CDN). But if you don’t make the files public, your users will get an XML Access Denied error message saying the file is unavailable.

It’s relatively straightforward to make S3 buckets public, but it’s not necessarily self-evident how to do it. It has also changed from an older method (I’ve updated below with the new method.)

I’m focusing here on making an entire bucket and all of its contents public. So before you make the changes, please be sure that you don’t have any files in there that you don’t want accessible to everyone on the internet. It is quite possible to make individual files (or objects) public on a file-by-file basis; I’ll cover that further down this page.

But for situations where you don’t want to be messing with permissions for each individual file–say, if you’re using an S3 bucket to share photos from a whole shoot with clients or as the storage source for your website’s CDN–you can also make the entire bucket publicly accessible. That includes all of its existing contents and any new files uploaded to it. So a big advantage of doing it this way is that it will apply to all files you add to the bucket in the future as well. This means you should only have to do this once per bucket. But it also means that you definitely don’t want to do this if you’re using the bucket as a cloud backup of your computer.

There are also multiple ways to handle the issue. While this is among the quickest and simplest, it’s not the only method and not even necessarily the best for all uses. A more secure and more precise way to do it is through using the AWS access control list (ACL) tools, but that method can be potentially more complicated.

Creating a New S3 Bucket to be Public

When you create a new bucket, there’s a new step-by-step process that is much more user-friendly than the old version.

Step 3 in that process is to set permissions. By default, new buckets are set to Block all public access. In other words, no-one else can access the files. You can uncheck that option to allow read access so that they can view and download the files but can’t edit or delete them.

How to Make a New Amazon S3 Bucket Public | Screenshot

How to Make an S3 Bucket Public

Here’s how to do it for one S3 bucket at a time.

1. Sign in to Amazon Web Services and go to your S3 Management Console.

2. Click on the name of the S3 bucket from the list. If it’s still in its default access state, it should say “Buckets and objects not public” next to it.

Amazon S3 Bucket Selection from List | Screenshot

3. Go to the Permissions tab. The first sub-tab, which is open by default, is Block Public Access, and the “Block all public access option will be On. Click on the Edit button at the right.

Amazon S3 Bucket Permissions Edit | Screenshot

4. Uncheck the “Block all public access” option, and then click the Save button.

Amazon S3 Bucket Public Uncheck | Screenshot

You’ll then be asked to confirm the change by typing in the word “confirm”.

Making Everything in the S3 Bucket Publicly Accessible

If you go back to the S3 buckets list, you’ll see that the access for that bucket has now been changed to “Objects can be public.” And that’s where the official Amazon instructions stop. But I’m guessing that the reason you’re here is that you’ve discovered that doesn’t actually make the entire bucket public. If you try to read the files now through a web browser, for instance, you’ll still get the Access Denied error.

Amazon S3 Bucket Objects Can Be Public | Screenshot

So we can take it a step further and make an entire bucket, all of its existing contents, and any new files uploaded to it, publicly accessible.

But before proceeding, know that Amazon discourages granting public access to an S3 bucket and will show you a warning to that effect when you save the Bucket Policy below. If you proceed, this is going to make all the bucket’s contents available to anyone with an internet connection to read, view, and download.

1. From the bucket list, click on the bucket name again. Select the Permissions tab again, but this time go to the Bucket Policy sub-item. This opens the Bucket Policy Editor.

Amazon S3 Bucket Policy Editor | Screenshot

4. Copy and paste this code in the Bucket Policy Editor entry area. You’ll need to replace “YOUR-BUCKET-NAME” with your full bucket name.

{"Version": "2008-10-17",
"Statement": [{"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
}]}

As an example, if your bucket is named “havecamerawilltravel.developer”, as in the example I’m using here, it should look like the screengrab below.

Amazon S3 Bucket Policy Editor Example | Screenshot

When you click Save, you’ll get a warning:

Amazon S3 Bucket Public Access Warning | Screenshot

If you want to heed that warning and remove the public access, you can use the Delete button above the input area.

Now, when you go back to the bucket list, you’ll see that the entry in the access column has changed to public.

Amazon S3 Bucket Public Access Bucket Policy | Screenshot

How to Find the S3 Bucket URL & the URL for an Individual Object

There are a number of ways to share the contents of the bucket, from an individual URL for an individual object through making the bucket available to host a static website on a custom domain.

If you’re looking to quickly share the URL of a specific S3 object, here’s one way to find the link:

1. From the bucket list, click on the name of the bucket. Then choose the Overview tab for a list of the files in the bucket.

Amazon S3 Object URL | Screenshot

2. Use the search bar to locate the file, if necessary. Then click to the right of the file name, but not actually on the file name (that will open something different).

Amazon S3 File Access Public 1 | Screenshot

3. From the slide-out panel, you can find the file’s endpoint using the Object URL field.

Amazon S3 Bucket Copy URL Path | Screenshot

You can then send that link to others to download or open.

How to Find an Amazon S3 Bucket Endpoint

Some applications, such as plugins for website platforms or backups apps, might ask for your bucket’s endpoint. That’s the location displayed in a standard URL format (as opposed to a local path, for instance). It’s also sometimes called the S3 URL.

Here’s a quick way to find the endpoint URL.

1. Click on the bucket name from the list of S3 buckets.

2. Go to the Properties tab.

3. Click on the Static Website Hosting card. The first bit of information on the card is the endpoint address.

Amazon S3 Bucket Endpoint URL | Screenshot

If you’re going to set up the bucket to host a static website, there’s more to it. You can find Amazon’s instructions on the rest of that process here.

47 thoughts on “How to Allow Public Access to an Amazon S3 Bucket & Find S3 URLs”

    • The first thing I’d check is the content type of the object. To do that for an individual image, go through the S3 console and find the image in the list of the bucket contents. Check the box next to it, and then go to the “Actions” dropdown menu and then choose “Edit Metadata.” If there’s an existing entry for Content Type that’s not image/jpeg, change that to image/jpeg. If there’s no content type set, use the Add Metadata button to add it.

      Here’s an example with that same image you used. This is opening for me as a display, whereas the link you sent is downloading in the same window: https://s3.amazonaws.com/download.havecamerawilltravel.com/bach_frontpage_logo.jpg

      If it’s already set to image/jpeg, then I’m not sure off the top of my head.

      If that does solve it, it’s still not a perfect solution because that’s essentially leaving the handling to the browser. Most browsers are set by default to display jpegs rather than download, and what you’re doing is telling the browser that it’s a jpeg. If the browser settings are set to other behavior, you’re mostly at the mercy of those settings on the user’s computer or to create some kind of front-end display that you can control.

      There are also ways to programmatically set the content type for a bucket’s contents. I don’t have the code at hand, but it should be pretty easily available through a Google search.

      Reply
  1. On the step “Creating a New S3 Bucket to be Public” whoever is setting the bucket and following this article could scratch their head thinking that if they uncheck the box to make the bucket public it also means that anyone can be uploading files to this bucket as it is “public”. It would be nice to evidently say that it will make just make the bucket public readable.

    Reply
  2. Hi buddy,
    I have a question connected with aws-cli,, do I need a credentials for accessing the bucket? because in the browser I can do list objects,

    Reply
  3. THIS IS FROM MAY 2020 AFTER SEARCHING FOR SEVERHAL HOURS I FINALLY FIXED THIS ISSUES
    FOR DJANGO USERS

    AWS_ACCESS_KEY_ID = “ADD YOU KEY”
    AWS_SECRET_ACCESS_KEY = “ADD YOU KEY HER”
    AWS_STORAGE_BUCKET_NAME = “YOUR BUCKKETNAM”
    AWS_S3_FILE_OVERWRITE = False
    AWS_DEFAULT_ACL = None
    AWS_S3_REGION_NAME = “eu-west-2”

    DEFAULT_FILE_STORAGE = ‘storages.backends.s3boto3.S3Boto3Storage’
    STATICFILES_STORAGE = ‘storages.backends.s3boto3.S3Boto3Storage

    PLEEEASSE NOTE
    it is important to set the AWS_S3_REGION_NAME of your bucket,
    Fixed my issue

    Reply
  4. Hi buddy,
    Here I follow your step from start to end to make publically my files/images and still I get an Access Denied error message while I click on ObjectURL.

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    AccessDenied
    Access Denied
    05F4D16FD016EF1F

    iaCJgCMLuRt6U1f3AfDK5zBr2P6UzKHOTCg5W+kw5FLppFMd/RjkXfQLeLNJXW54mHrUmvwCGho=

    Reply
      • How do i get my files to be searched by internet search engines like google, yahoo, etc? My bucket is public but when i search fo them on those sites nothing comes up. the Url links work though in the buckets, i just want them searchable by search engines. how can i do that?

        Reply
        • Good question, and I don’t have a good answer. While I’ve done a lot with getting my images indexed on my own domains and on CDNs, I’ve not tried to do it with a raw Amazon S3 bucket without setting it up as a CDN. If there’s an “index this” toggle switch, I don’t know about it (and I doubt it exists through S3). But various things would be worth a try:

          • Link to the files from a separate indexed web page. For instance, if you have a separate website then linking back to the S3 versions should give the crawler bots enough to find them eventually. It’ll probably take time, though, and it’ll likely start at the bottom of the ranking pile.
          • Incorporate the S3 files into a sitemap on your website on a different domain. It’ll take some coding.
          • Set the S3 bucket up with Cloudfront as a CDN and then make sure that some other page/site is pointing to the CDN (again, ideally, with an automated sitemap).
  5. As an update for the next person trying to find where the actual URL is on the now updated AWS bucket page.
    Goto bucket you want to find URL
    Goto Properties
    Static web site hosting (under properties)
    Look up top of pop up as “endpoint”
    There is your URL

    Reply
        • David,

          Ann asked, and I also want to know:

          ” how do I actually share the url of the specific S3 bucket?”

          You only provided method to: “quickly share the URL of a specific OBJECT” within a bucket

          Well, that is easy, we figured that out on day one. Now I am on day five and still have not found a way to create and share a BUCKET URL without hosting a website.

          Since you danced around this question assume AWS S3 lacks this, basic, functionality?

          So folks, it appears one CANNOT get a URL link to an AWS S3 bucket unless the AWS account holder has a domain, which they purchase from the domain pirate, one CANNOT create a functional link to view content in S3 Bucket.

          But google DOES have this functionality using google DRIVE, AND they give you 15GB of data FREE. AWS only gives you 5GB and does not have the same functionality as google.

        • You can get the URL of the bucket by granting everyone list access and then using the endpoint (if you’re using Amazon East, it’s in the format:

          But the list might not be in a form you expect–it’s an XML listing of all the contents of the bucket, including its filename (key), last modified date, Etag, size, and the storage class. It’s not designed out of the box to be displayed as a user-friendly page of HTML links. If you’re after something like that, Google Drive or Dropbox might be more what you’re after.

  6. Hi David,

    I’ve been using S3 for some time now and would like some clarification on the “public” status. If dealing with sensitive static documents (stored on S3) that would be available to download on a website behind a secure login, my understanding is that I would need to make that file “public” in S3 terms. Does this mean that anyone with that link could access the file? I already have a few IAM groups set up controlling access rights within S3 but how would I link those access rights to the logins of the actual website?

    Reply
  7. Hi David,

    I am having a difficult time trying to figure out something I think is probably very simple…

    I just got OptimizePress Membership, and I am creating a new website. I heard that it is best to have all of my static images, and also my membership area videos (and other information) on Amazon S3.

    So I created an Amazon S3 account, and for the life of me, I cannot figure out what to do from there…. How do you get the static images to show on OptimizePress website, and how do you put private/secure videos on there as well?

    I thought I might need a wordpress plugin, yet I could not find any that have not been kept up to date or that would even work to help.

    I have been searching and searching for just some simple ‘this is how you do it’ answer, yet I am still left in the dark.

    If you could help me I would appreciate it.

    Thank you,
    Judie

    Reply
    • Well, it’s not something very simple, so no worries there. I’m not familiar with OptimizePress, but the general way to upload files to Amazon S3 will require some kind of client. They come in all sorts of different forms, from browser plugins to full-featured data transfer apps. There are also plugins for various content management systems like Wordpress.

      Once you’ve uploaded the files to S3 and made them accessible to the public, each file has it’s own URL. I don’t know how OptimizePress works exactly, but somehow you’ll use that URL to have the files show up on your site.

      Reply
  8. Hi, thanks for posting. I’m having a very hard time finding the answer to a simple question: how do a enable an S3 bucket to be accessible as a simple site to browse/download from files and folders within the S3 bucket? I don’t need to really host a ‘website’… I just need to be able to enable public users to browse and download files from my S3 bucket.

    Reply
    • Off the top of my head, I’m pretty sure there’s no native way to make them browsable–you’d need something else to create that functionality. It could be anything from a static website with links to a CMS that’s pulling from S3. There are browser plugins that let you manage your buckets, but they’re mostly designed for the owner’s admin rather than allowing public access. If you’re inclined to mess with some javascript, this looks promising.

      Reply
    • Do you mean enabling versioning of files in a bucket? If so, here’s a guide on how to do that. If you mean the version date in the code example, you can leave it as it is in the example code.

      Reply
  9. Hi,

    Thanks for the post. I am wondering that hosting tracks on an EC2 at Amazon would also work? While need setting up an Apache web server through. What’s the advantage of using S3 then?

    Reply

Leave a Comment