Amazon S3: Example Bucket Policy for Static Website Hosting

Since I have to look it every time, I'm posting it here, for my own--and possibly also your--reference: A reusable bucket policy for S3 to grant read access for static websites. Simply copy, paste it in your bucket's policy editor, and replace BUCKET_NAME with your bucket's name.

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "PublicReadAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"

Note: Make sure to also disable block public access settings for your bucket. Before doing this though, please review Blocking public access to your Amazon S3 storage to ensure that you understand and accept the risks involved with allowing public access. When you turn off block public access settings to make your bucket public, anyone on the internet can access your bucket.

Dennis Traub

Developer Advocate at AWS | Coder & Solutions Architect | Cloud Expert with 30 Years in Tech

Recent Posts