How to Set Vultr Object Storage Buckets to Public Read

Updated on October 1, 2024

Vultr Object Storage configured for public read access provides a method for sharing data with anyone on the internet. Vultr's Object Storage service allows users to set their buckets to be publicly accessible, enabling easy retrieval of stored files. However, it is crucial to recognize the security implications of this configuration.

Follow this guide to set Vultr Object Storage to Public Read using s3cmd and AWS CLI

  • S3cmd
  • AWS CLI
  1. Deploy a Vultr S3 object storage and create a bucket.

  2. Configure s3cmd with Vultr Object Storage.

    console
    $ s3cmd --configure
    

    Follow the prompts and provide Bucket credentials like Access Key, Secret Key, Default Region and S3 Endpoint. These credentials can be retrieved from the overview page of the Vultr Object Storage.

  3. Enter the DNS-style template. For example, if you choose the New Jersey location, use %(bucket)s.ewr1.vultrobjects.com.

    DNS-style bucket+hostname:port template for accessing a 
    bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com
  4. Upload a file in the bucket.

    console
    $ s3cmd put /<local-file-location> s3://<your-bucket-name>/
    
  5. Copy the URL and access the file in a browser.

    Copy URL to access the file

    The output displayed in the below image shows that public access to objects in the bucket is not enabled.

    Image showing browser output

  6. Create a new json file to set up a bucket policy.

    console
    $ nano public-policy.json
    
  7. Copy and paste the below content into the file.

    json
    {
    "Version": "2012-10-17",
    "Statement": [
        {
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "s3:GetObject"
        ],
        "Resource": [
            "arn:aws:s3:::<your-bucket-name>/*"
        ]
        }
    ]
    }
    

    Save and close the file.

    The above S3 bucket policy grants public read-only access to all objects in the bucket publicstorage1245. Here's the breakdown:

    • Version: Uses AWS policy format as of 2012-10-17.
    • Statement ID (Sid): Label PublicReadGetObject identifies this rule.
    • Effect: "Allow" grants permission.
    • Principal: "*" allows anyone (public) access.
    • Action: "s3:GetObject" permits downloading objects.
    • Resource: Applies to all objects in the bucket mentioned in the policy.
  8. Set the policy for the bucket.

    console
    $ s3cmd setpolicy public-policy.json s3://<your-bucket-name>
    
  9. Optional: Check the policy applied to the bucket.

    console
    $ s3cmd info s3://<your-bucket-name>
    
  10. Confirm the application of policy by accessing the object URL in a browser.

Note
If objects are being accessed from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. For guidance, refer to How to Apply CORS Policies to Vultr Object Storage Buckets in the Vultr documentation.
  1. Configure the AWS CLI.

    console
    $ aws configure --profile my-config
    

    Follow the prompts and provide Bucket credentials like Access Key, Secret Key, and Default Region. These credentials can be retrieved from the overview page of the Vultr Object Storage.

  2. Upload a file in the bucket.

    console
    $ aws --endpoint-url https://<your-hostname> --profile my-config s3api put-object --bucket <your-bucket-name> --key <remote-filename> --body <local-file-location>
    
  3. Copy the URL and access the file in a browser.

    Copy URL to access the file

    The output displayed in the below image shows that public access to objects in the bucket is not enabled.

    Image showing browser output

  4. Create a new json file to set up a bucket policy.

    console
    $ nano public-policy.json
    
  5. Copy and paste the below content into the file.

    json
    {
    "Version": "2012-10-17",
    "Statement": [
        {
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "s3:GetObject"
        ],
        "Resource": [
            "arn:aws:s3:::<your-bucket-name>/*"
        ]
        }
    ]
    }
    

    Save and close the file.

  6. Set the policy for the bucket using AWS CLI.

    console
    $ aws --profile my-config --endpoint-url https://<your-hostname> s3api put-bucket-policy --bucket <your-bucket-name> --policy file://public-policy.json
    
  7. Optional: Check the policy applied to the bucket.

    console
    $ aws --profile my-config --endpoint-url https://<your-hostname> s3api get-bucket-policy --bucket <your-bucket-name>
    
  8. Confirm the application of policy by accessing the object URL in a browser.

Note
If objects are being accessed from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. For guidance, refer to How to Apply CORS Policies to Vultr Object Storage Buckets in the Vultr documentation.