By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do I create a public URL for one file in S3?

0

How do I create a public URL for one file in S3? I’m using S3 and want to make one file (like a PDF or JPG) public without exposing the entire bucket. I’ve seen pre-signed URLs and bucket policies mentioned. What’s the simplest way to do this?

Is one more secure than the other?

Topics
StorageAnalyticsManagement & Governance
Tags
Amazon Simple Storage ServiceAmazon S3 GlacierAmazon AthenaAWS Command Line InterfaceStorage
Language
English
asked 5 days ago29 views
1 Answer
1
Accepted Answer

There are two main approaches to make a single file in an S3 bucket publicly accessible:

Option 1: Make the specific object public using ACLs

  1. First, ensure bucket settings allow public access:
  • Go to your S3 bucket and click on the "Permissions" tab
  • Under "Block public access", make sure "Block public access to buckets and objects granted through new public bucket or access point policies" is OFF
  • Also ensure "Block public access to buckets and objects granted through any access control lists (ACLs)" is OFF
  1. Make the specific object public:
  • Select the file in S3
  • Click "Actions" dropdown
  • Select "Make public using ACL"
  • Confirm the action
  1. You can then use the "Object URL" to access the file

Option 2: Use a bucket policy for a specific object

  1. Modify the Block Public Access settings for your bucket:
  • Go to the "Permissions" tab
  • Find the "Block public access" section and click "Edit"
  • Uncheck the relevant settings to allow public access
  1. Create a bucket policy that grants public read access only to the specific object:
  • In the "Permissions" tab, go to "Bucket policy"
  • Add a policy that specifies the exact object path:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadForSingleObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/path/to/your/specific/file.jpg"
}
]
}

Option 3: Use pre-signed URLs (more secure) Instead of making objects permanently public, you can generate pre-signed URLs that provide temporary access:

  • Pre-signed URLs expire after a set time (maximum 7 days)
  • They can be generated using AWS SDKs
  • This approach is more secure as it provides temporary, controlled access rather than making the object permanently public

From a security perspective, pre-signed URLs are the most secure option since they provide temporary access rather than making the object permanently public. If you must make an object permanently public, using a specific bucket policy is generally preferred over ACLs as it provides more granular control.

Remember that any object made public will be accessible to anyone on the internet, so ensure the file doesn't contain sensitive information.
Sources
How do I make a single file in an S3 bucket publicly accessible? | AWS re:Post
Simple S3 Permissions Help | AWS re:Post
Creating a pre-signed url directly from my website | AWS re:Post
How do I obtain a public access link for my S3 bucket resource? | AWS re:Post
Create a presigned URL for Amazon S3 using an AWS SDK - Amazon Simple Storage Service

answered 5 days ago
AWS
EXPERT
reviewed 5 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content