How to set up public bucket policy on Object Storage


Setting up a public bucket policy on DigitalOcean Spaces is really quick and easy. Spaces is S3-compatible object storage; you can read more about it here.

We need a policy.json file with content like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-public-bucket/*"
            ]
        }
    ]
}

Remember to replace my-public-bucket with your bucket name.

There is a huge chance that you already have awscli configured on your computer, so we use it to set the policy. The magical line is this one:

aws --profile=ocean --endpoint-url https://ams3.digitaloceanspaces.com s3api put-bucket-policy --bucket my-public-bucket --policy file://policy.json

Obviously you have to replace my-public-bucket with your bucket name and ams3.digitaloceanspaces.com with the correct endpoint.

After this set of operations, all newly created objects will be public by default.

Bonus tip: CORS setup

Create a cors.json file with content like this:

{
  "CORSRules": [
    {
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["GET", "POST", "PUT", "DELETE"],
      "AllowedOrigins": ["*", "https://my.domain.com"],
      "ExposeHeaders": ["ETag"],
      "MaxAgeSeconds": 3000
    }
  ]
}

and apply it to your bucket, substituting your own profile, endpoint and bucket name:

aws --profile hetzner --endpoint-url https://fsn1.your-objectstorage.com s3api put-bucket-cors --bucket my-bucket --cors-configuration file://cors.json
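
Before running put-bucket-policy or put-bucket-cors, it helps to check what the two files actually open up. The script below is an added example, not part of the original post: it audits a policy for anything an anonymous principal gets beyond s3:GetObject on a single bucket, and a CORS configuration for wildcard origins combined with write methods. The function names and the embedded sample inputs are assumptions made for illustration.

```python
import json

# Constructed inputs: this page's policy.json, and its cors.json trimmed to the fields checked.
POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
  "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::my-public-bucket/*"]}]}''')
CORS = json.loads('''{"CORSRules": [{
  "AllowedMethods": ["GET", "POST", "PUT", "DELETE"],
  "AllowedOrigins": ["*", "https://my.domain.com"]}]}''')

WRITE_METHODS = {"PUT", "POST", "DELETE"}

def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" and for forms like {"AWS": "*"} or {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit_policy(policy, allowed_actions=("s3:GetObject",)):
    """List anything an anonymous Allow statement grants beyond read-only object access."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        sid = st.get("Sid", "<no Sid>")
        for action in as_list(st.get("Action", [])):
            if action not in allowed_actions:
                findings.append(f"{sid}: anonymous principal may call {action}")
        for res in as_list(st.get("Resource", [])):
            bucket = res.split(":::", 1)[-1].split("/", 1)[0]
            if "*" in bucket:
                findings.append(f"{sid}: resource {res} is not limited to one bucket")
    return findings

def audit_cors(cors):
    """Flag rules that pair a wildcard origin with state-changing methods."""
    findings = []
    for i, rule in enumerate(cors.get("CORSRules", [])):
        writes = sorted(WRITE_METHODS & set(rule.get("AllowedMethods", [])))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append(f"rule {i}: any origin may send {', '.join(writes)}")
    return findings

if __name__ == "__main__":
    for line in audit_policy(POLICY) + audit_cors(CORS):
        print("REVIEW:", line)
```

The policy from this page passes cleanly; the CORS rule is flagged because "*" in AllowedOrigins already matches every site, which makes the https://my.domain.com entry redundant. Listing only the origins that need PUT, POST or DELETE clears the finding.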