Latest Content

How to Apply a Public Read Policy for Vultr Object Storage Subscription

Updated on 01 April, 2026

Learn how to configure public read access for Vultr Object Storage buckets to share files with anyone on the internet without authentication.

Vultr Object Storage subscription public read setting provides a method for sharing data with anyone on the internet. Setting a bucket access to public allows anyone to retrieve files without authenticating to your subscription. Therefore, only grant access to assets specifically intended for public like static website hosting files.

Follow this guide to set Vultr Object Storage subscription to Public Read using s3cmd and AWS CLI.

  • S3cmd
  • AWS CLI

  1. Deploy Vultr Object Storage subscription and create a bucket.

  2. Configure s3cmd with Vultr Object Storage subscription.

    console 
    $ s3cmd --configure

    Follow the prompts and provide Bucket credentials like Access Key, Secret Key, Default Region, and S3 Endpoint. You can retrieve these credentials from Vultr Object Storage subscription Overview page.

  3. Enter the DNS-style template. For example, if you choose the New Jersey location, use %(bucket)s.ewr1.vultrobjects.com.

    DNS-style bucket+hostname:port template for accessing a 
bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com

  4. Upload a file to the bucket. Replace LOCAL_FILE_PATH with the local file path and BUCKET_NAME with your bucket name.

    console 
    $ s3cmd put LOCAL_FILE_PATH s3://BUCKET_NAME/

  5. Copy the file URL.

  6. Access the file in a browser. The output displayed in the image below shows that you've not enable public access to objects in the bucket.

    Image showing browser output

  7. Create a new json file to set up a bucket policy.

    console 
    $ nano public-policy.json

  8. Copy the content below and paste it into the json file.

    json 
    {
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": [
        "s3:GetObject"
    ],
    "Resource": [
        "arn:aws:s3:::BUCKET_NAME/*"
    ]
    }
]
}

    Replace BUCKET_NAME with your bucket name. Save and close the file.

    The above S3 bucket policy grants public read-only access to all objects in the bucket. In the above settings:

    • Version: Uses AWS policy format as of 2012-10-17.
    • Statement ID (Sid): Label PublicReadGetObject identifies this rule.
    • Effect: "Allow" grants permission.
    • Principal: "*" allows everyone public access.
    • Action: "s3:GetObject" permits downloading objects.
    • Resource: Applies to all objects in the bucket mentioned in the policy.

  9. Set the bucket policy. Replace BUCKET_NAME with your bucket name.

    console 
    $ s3cmd setpolicy public-policy.json s3://BUCKET_NAME

  10. Verify the bucket policy if needed.

    console 
    $ s3cmd info s3://BUCKET_NAME

  11. Confirm the new policy by accessing the object URL in a browser.

Note
If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on How to Apply CORS Policies to Vultr Object Storage subscription Buckets.

  1. Configure the AWS CLI.

    console 
    $ aws configure --profile my-config

    Follow the prompts and provide Bucket credentials like Access Key, Secret Key, and Default Region. You can retrieve these credentials from Vultr Object Storage subscription Overview page.

  2. Upload a file to the bucket. Replace HOSTNAME with your S3 endpoint hostname, BUCKET_NAME with your bucket name, OBJECT_KEY with the destination key, and LOCAL_FILE_PATH with the local file path.

    console 
    $ aws --endpoint-url https://HOSTNAME --profile my-config s3api put-object --bucket BUCKET_NAME --key OBJECT_KEY --body LOCAL_FILE_PATH

  3. Copy the file URL.

  4. Access the file in a browser. The output displayed in the image below shows that you've not enabled public access to objects in the bucket.

    Image showing browser output

  5. Create a new json file, such as public-policy.json to set up a bucket policy.

    console 
    $ nano public-policy.json

  6. Copy the content below and paste it into the json file.

    json 
    {
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": [
        "s3:GetObject"
    ],
    "Resource": [
        "arn:aws:s3:::BUCKET_NAME/*"
    ]
    }
]
}

    Replace BUCKET_NAME with your bucket name. Save and close the file.

  7. Set the policy for the bucket. Replace HOSTNAME with your S3 endpoint hostname and BUCKET_NAME with your bucket name.

    console 
    $ aws --profile my-config --endpoint-url https://HOSTNAME s3api put-bucket-policy --bucket BUCKET_NAME --policy file://public-policy.json

  8. Verify the bucket policy if needed.

    console 
    $ aws --profile my-config --endpoint-url https://HOSTNAME s3api get-bucket-policy --bucket BUCKET_NAME

  9. Confirm the new policy by accessing the object URL in a browser.

Note
If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on How to Apply CORS Policies to Vultr Object Storage subscription Buckets.

Comments