How to Set Public Read-Only Access on an Amazon S3 Bucket

As a data scientist or software engineer, you may have come across the need to share data or files with other users outside your organization. Amazon S3 is a popular cloud storage service that provides scalable and highly available object storage. However, by default, S3 buckets are private, meaning only authorized users can access them. In this article, we will discuss how to set up public read-only access on an Amazon S3 bucket.

Table of Contents

  1. What is an Amazon S3 Bucket?
  2. Why Set Public Read-Only Access?
  3. Setting Public Read-Only Access on an Amazon S3 Bucket
  4. Best Practices for Security
  5. Common Errors and Troubleshooting
  6. Conclusion

What is an Amazon S3 Bucket?

Amazon S3 (Simple Storage Service) is a cloud storage service from Amazon Web Services (AWS). S3 provides highly scalable and durable object storage for various use cases, including backup and archiving, data lakes, and static website hosting. S3 buckets are the primary containers for objects (files) stored in S3. Each bucket has a unique name globally, and objects in S3 are stored in a flat namespace within the bucket.

Why Set Public Read-Only Access?

Sometimes, you may need to share data or files stored in an S3 bucket with users outside your organization, such as clients, partners, or the public. In such cases, you can grant public read-only access to your S3 bucket without compromising its security.

Public read-only access allows anyone with the bucket URL to view and download the objects in the bucket. However, they cannot modify or delete the objects or upload new ones. Public read-only access is suitable for use cases such as hosting static website assets, distributing public datasets, or sharing marketing materials.

Setting Public Read-Only Access on an Amazon S3 Bucket

Setting up public read-only access on an Amazon S3 bucket requires a few steps, as follows:

Step 1: Create an S3 Bucket

If you don’t have an S3 bucket already, you can create one by following these steps:

  1. Go to the Amazon S3 console.
  2. Click the “Create bucket” button.
  3. Enter a unique bucket name and choose the region where you want to store your data.
  4. Choose the default settings for the bucket, such as access control and encryption.
  5. Click the “Create bucket” button.

Step 2: Upload Objects to the S3 Bucket

Next, you need to upload the objects (files) you want to share with public read-only access to the S3 bucket. You can upload objects to the bucket using the S3 console or the AWS Command Line Interface (CLI).

Step 3: Set Bucket Policy for Public Read-Only Access

To set public read-only access on an S3 bucket, you need to create a bucket policy that grants read access to everyone. Here’s an example bucket policy that grants public read-only access to all objects in the bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        }
    ]
}

To create a bucket policy, follow these steps:

  1. Go to the Amazon S3 console.
  2. Select your bucket and click the “Permissions” tab.
  3. Click the “Bucket Policy” button.
  4. Paste the above example policy in the text editor.
  5. Replace “YOUR-BUCKET-NAME” with your actual bucket name in the policy.
  6. Click the “Save” button.

Step 4: Verify Public Read-Only Access

To verify that public read-only access is working, you can use a web browser to access the objects in your S3 bucket using the bucket URL. For example, if your bucket name is “my-bucket,” the URL would be “https://s3.console.aws.amazon.com/s3/buckets/my-bucket/”. You should be able to see the objects in the bucket and download them without authentication.

Best Practices for Security

While granting public access, it’s crucial to follow best practices for security. Avoid granting unnecessary permissions and regularly audit your S3 bucket policies. Additionally, consider using IAM roles and temporary credentials for more granular control.

Common Errors and Troubleshooting

Error 1: Invalid JSON Policy

If you encounter an “Invalid JSON” error, ensure that your Bucket Policy follows the correct JSON syntax. Use online JSON validators to identify and fix syntax errors.

Error 2: Incorrect Bucket Policy Syntax

Check for typos and ensure that the Bucket Policy has the correct syntax. Refer to the AWS documentation for the proper structure.

Error 3: IAM User Permissions

If your IAM user lacks the necessary permissions to modify the S3 bucket policy, update the IAM user policy to include the s3:PutBucketPolicy action.

Conflict with Block public access (bucket settings)

Sometimes when you try to edit the bucket policy, saving it fails with an error caused by the bucket's Block public access settings.

To solve this error, you first have to disable Block public access for the bucket.

After unchecking those Block public access settings, come back to Step 3 above and try again.
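
The following is an added example, not code from the original article: before relaxing Block public access for Step 3, it checks that a bucket policy gives the public nothing beyond s3:GetObject on objects (the audit recommended under Best Practices), and it turns off only the two Block public access settings that act on bucket policies. Assumptions: the sample policies and `example-bucket` are constructed, the function names are illustrative, `Condition` and `NotPrincipal` are not evaluated, and the settings dictionary has the shape of S3's PublicAccessBlockConfiguration.

```python
import json

# Constructed sample inputs (not from the article); "example-bucket" is a placeholder.
ARTICLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"]}]})
RISKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both mean anyone, including anonymous callers.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_public_policy(policy_json):
    """List ways a public Allow statement exceeds read-only object access."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; wildcards always exceed GetObject.
            if action.lower() != "s3:getobject":
                findings.append(f"statement {i}: public action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if "/" not in res.split(":::", 1)[-1]:  # bucket ARN or "*", not objects
                findings.append(f"statement {i}: public grant on {res}")
    return findings

def relax_block_public_access(current):
    """Turn off only the two settings that reject or neutralise a public policy."""
    wanted = dict(current)
    wanted["BlockPublicPolicy"] = False      # otherwise saving the policy fails
    wanted["RestrictPublicBuckets"] = False  # otherwise anonymous reads stay denied
    return wanted  # BlockPublicAcls / IgnorePublicAcls are left unchanged

if __name__ == "__main__":
    for name, doc in [("article", ARTICLE_POLICY), ("risky", RISKY_POLICY)]:
        print(name, audit_public_policy(doc) or "read-only: OK")
    all_on = dict.fromkeys(["BlockPublicAcls", "IgnorePublicAcls",
                            "BlockPublicPolicy", "RestrictPublicBuckets"], True)
    print(relax_block_public_access(all_on))
```

The two ACL settings can stay enabled because the article grants access through a bucket policy, not through object or bucket ACLs.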

Conclusion

Setting public read-only access on an Amazon S3 bucket is a straightforward process that can come in handy when you need to share data or files with users outside your organization. By following the steps outlined in this article, you can create an S3 bucket, upload objects to it, and set a bucket policy for public read-only access. With public read-only access, anyone with the bucket URL can view and download the objects in the bucket, making it a useful feature for various use cases.

