Web Application

How to Apply a Public Read Policy for Vultr Object Storage Subscription

How to Apply a Public Read Policy for Vultr Object Storage Subscription

Learn how to configure public read access for Vultr Object Storage buckets to share files with anyone on the internet without authentication.

Vultr Object Storage subscription public read setting provides a method for sharing data with anyone on the internet. Setting a bucket access to public allows anyone to retrieve files without authenticating to your subscription. Therefore, only grant access to assets specifically intended for public like static website hosting files.

Follow this guide to set Vultr Object Storage subscription to Public Read using s3cmd and AWS CLI.

  • S3cmd
  1. Deploy Vultr Object Storage subscription and create a bucket.
  2. Configure s3cmd with Vultr Object Storage subscription.
    console
    $ s3cmd --configure

    Follow the prompts and provide Bucket credentials like Access KeySecret KeyDefault Region, and S3 Endpoint. You can retrieve these credentials from Vultr Object Storage subscription Overview page.

  3. Enter the DNS-style template. For example, if you choose the New Jersey location, use %(bucket)s.ewr1.vultrobjects.com. 
    DNS-style bucket+hostname:port template for accessing a 
bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com
  4. Upload a file to the bucket.
    console
    $ s3cmd put /<local-file-location> s3://<your-bucket-name>/
  5. Copy the file URL.
  6. Access the file in a browser. The output displayed in the image below shows that you’ve not enable public access to objects in the bucket.

  7. Create a new json file to set up a bucket policy.
    console
    $ nano public-policy.json
  8. Copy the content below and paste it into the json file.
    json
    {
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": [
        "s3:GetObject"
    ],
    "Resource": [
        "arn:aws:s3:::<your-bucket-name>/*"
    ]
    }
]
}

    Save and close the file.

    The above S3 bucket policy grants public read-only access to all objects in the bucket. In the above settings:

    • Version: Uses AWS policy format as of 2012-10-17.
    • Statement ID (Sid): Label PublicReadGetObject identifies this rule.
    • Effect: “Allow” grants permission.
    • Principal: “*” allows everyone public access.
    • Action: “s3:GetObject” permits downloading objects.
    • Resource: Applies to all objects in the bucket mentioned in the policy.
  9. Set the bucket policy.
    console
    $ s3cmd setpolicy public-policy.json s3://<your-bucket-name>

    Verify the bucket policy if needed.

  10. console
    $ s3cmd info s3://<your-bucket-name>

    Confirm the new policy by accessing the object URL in a browser.

Note

If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on How to Apply CORS Policies to Vultr Object Storage subscription Buckets.

  • AWS CLI
  1. Configure the AWS CLI.
    console
    $ aws configure --profile my-config

    Follow the prompts and provide Bucket credentials like Access KeySecret Key, and Default Region. You can retrieve these credentials from Vultr Object Storage subscription Overview page.

  2. Upload a file to the bucket.
    console
    $ aws --endpoint-url https://<your-hostname> --profile my-config s3api put-object --bucket <your-bucket-name> --key <remote-filename> --body <local-file-location>
  3. Copy the file URL.
  4. Access the file in a browser. The output displayed in the image below shows that you’ve not enabled public access to objects in the bucket.

  5. Create a new json file, such as public-policy.json to set up a bucket policy.
    console
    $ nano public-policy.json

    Copy the content below and paste it into the json file.

  6. json
    {
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": [
        "s3:GetObject"
    ],
    "Resource": [
        "arn:aws:s3:::<your-bucket-name>/*"
    ]
    }
]
}

    Save and close the file.

  7. Set the policy for the bucket using AWS CLI.
    console
    $ aws --profile my-config --endpoint-url https://<your-hostname> s3api put-bucket-policy --bucket <your-bucket-name> --policy file://public-policy.json
  8. Verify the bucket policy if needed.
    console
    $ aws --profile my-config --endpoint-url https://<your-hostname> s3api get-bucket-policy --bucket <your-bucket-name>
  9. Confirm the new policy by accessing the object URL in a browser.
Note

If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on How to Apply CORS Policies to Vultr Object Storage subscription Buckets.

How to Apply a Public Read Policy for Vultr Object Storage Subscription Learn how to configure public read access for Vultr Object Storage buckets to share files with anyone on the internet without authentication. Vultr Object Storage subscription public read setting provides a method for sharing data with anyone on…

How to Apply a Public Read Policy for Vultr Object Storage Subscription Learn how to configure public read access for Vultr Object Storage buckets to share files with anyone on the internet without authentication. Vultr Object Storage subscription public read setting provides a method for sharing data with anyone on…

Leave a Reply

Your email address will not be published. Required fields are marked *