Vultr Object Storage configured for public read access provides a method for sharing data with anyone on the internet. Vultr's Object Storage service allows users to set their buckets to be publicly accessible, enabling easy retrieval of stored files. However, it is crucial to recognize the security implications of this configuration.
Follow this guide to set Vultr Object Storage to Public Read using s3cmd
and AWS CLI
Deploy a Vultr S3 object storage and create a bucket.
Configure s3cmd
with Vultr Object Storage.
$ s3cmd --configure
Follow the prompts and provide Bucket credentials like Access Key, Secret Key, Default Region and S3 Endpoint. These credentials can be retrieved from the overview page of the Vultr Object Storage.
Enter the DNS-style template. For example, if you choose the New Jersey location, use %(bucket)s.ewr1.vultrobjects.com
.
DNS-style bucket+hostname:port template for accessing a
bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com
Upload a file in the bucket.
$ s3cmd put /<local-file-location> s3://<your-bucket-name>/
Copy the URL and access the file in a browser.
The output displayed in the below image shows that public access to objects in the bucket is not enabled.
Create a new json
file to set up a bucket policy.
$ nano public-policy.json
Copy and paste the below content into the file.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::<your-bucket-name>/*"
]
}
]
}
Save and close the file.
The above S3 bucket policy grants public read-only access to all objects in the bucket publicstorage1245. Here's the breakdown:
Version
: Uses AWS policy format as of 2012-10-17.Statement ID (Sid)
: Label PublicReadGetObject identifies this rule.Effect
: "Allow" grants permission.Principal
: "*" allows anyone (public) access.Action
: "s3:GetObject" permits downloading objects.Resource
: Applies to all objects in the bucket mentioned in the policy.Set the policy for the bucket.
$ s3cmd setpolicy public-policy.json s3://<your-bucket-name>
Optional: Check the policy applied to the bucket.
$ s3cmd info s3://<your-bucket-name>
Confirm the application of policy by accessing the object URL in a browser.
Configure the AWS CLI.
$ aws configure --profile my-config
Follow the prompts and provide Bucket credentials like Access Key, Secret Key, and Default Region. These credentials can be retrieved from the overview page of the Vultr Object Storage.
Upload a file in the bucket.
$ aws --endpoint-url https://<your-hostname> --profile my-config s3api put-object --bucket <your-bucket-name> --key <remote-filename> --body <local-file-location>
Copy the URL and access the file in a browser.
The output displayed in the below image shows that public access to objects in the bucket is not enabled.
Create a new json
file to set up a bucket policy.
$ nano public-policy.json
Copy and paste the below content into the file.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::<your-bucket-name>/*"
]
}
]
}
Save and close the file.
Set the policy for the bucket using AWS CLI.
$ aws --profile my-config --endpoint-url https://<your-hostname> s3api put-bucket-policy --bucket <your-bucket-name> --policy file://public-policy.json
Optional: Check the policy applied to the bucket.
$ aws --profile my-config --endpoint-url https://<your-hostname> s3api get-bucket-policy --bucket <your-bucket-name>
Confirm the application of policy by accessing the object URL in a browser.