Allowing Public Access to S3 Objects by Policy

I recently wanted to upload a Techno mix that I wanted to share with a local DJ friend. As expected after allowing public access in the initial bucket provisioning step, I came up with an access-denied when accessing it via URL.

Here is the resulting policy I created directly within the bucket permissions tab to give public access to the file I uploaded.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::housentechnomixes/*"
        }
    ]
}

Navigate to the S3 console and select the bucket you want to provide public access to
Click on the 'Permissions' tab
Scroll down to the 'Bucket policy' section and click 'Edit'
Review the entire policy to ensure it follows best practices:
- Use specific actions instead of wildcard "*"
- Use specific resource ARNs instead of "*"
- Ensure the policy is as restrictive as possible while still allowing necessary actions
Click 'Save changes' to update the bucket policy

Key Components

1. `"Version"`

"Version": "2012-10-17"

This specifies the version of the policy language.
The date (2012-10-17) indicates the current version of the AWS policy language. Using the correct version ensures compatibility with AWS's features and services.

2. `"Statement"`

"Statement": [
  {
    ...
  }
]

This is a container for one or more individual permissions. Each entry in the array is a permission statement defining a specific rule.

3. `"Sid"` (Statement ID)

"Sid": "PublicReadGetObject"

Key Components

1. "Version"

2. "Statement"

3. "Sid" (Statement ID)

1. `"Version"`

2. `"Statement"`

3. `"Sid"` (Statement ID)