--- title: Public Read url: https://docs.vultr.com/products/storage/object-storage/advanced/publicread description: Learn how to configure public read access for Vultr Object Storage buckets to share files with anyone on the internet without authentication. publish_date: 2024-10-01T21:22:38.414993Z last_updated: 2026-05-26T19:42:14.959125Z --- # How to Apply a Public Read Policy for Vultr Object Storage Subscription Vultr Object Storage subscription public read setting provides a method for sharing data with anyone on the internet. Setting a bucket access to public allows anyone to retrieve files without authenticating to your subscription. Therefore, only grant access to assets specifically intended for public like static website hosting files. Follow this guide to set Vultr Object Storage subscription to Public Read using `s3cmd` and AWS CLI. === "S3cmd" 1. Deploy [Vultr Object Storage subscription and create a bucket](https://docs.vultr.com/vultr-object-storage). 1. Configure `s3cmd` with Vultr Object Storage subscription. ```console $ s3cmd --configure ``` Follow the prompts and provide Bucket credentials like **Access Key**, **Secret Key**, **Default Region**, and **S3 Endpoint**. You can retrieve these credentials from Vultr Object Storage subscription **Overview** page. 1. Enter the DNS-style template. For example, if you choose the New Jersey location, use `%(bucket)s.ewr1.vultrobjects.com`. ``` DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com ``` 1. Upload a file to the bucket. Replace `LOCAL_FILE_PATH` with the local file path and `BUCKET_NAME` with your bucket name. ```console $ s3cmd put LOCAL_FILE_PATH s3://BUCKET_NAME/ ``` 1. Copy the file URL. 1. Access the file in a browser. The output displayed in the image below shows that you've not enable public access to objects in the bucket. ![Image showing browser output](https://docs.vultr.com/public/doc-assets/collection-items/626/cc6c2861-8d46-4409-8b1f-96668191e1bd.png) 1. Create a new `json` file to set up a bucket policy. ```console $ nano public-policy.json ``` 1. Copy the content below and paste it into the `json` file. ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::BUCKET_NAME/*" ] } ] } ``` Replace `BUCKET_NAME` with your bucket name. Save and close the file. The above S3 bucket policy grants public read-only access to all objects in the bucket. In the above settings: * `Version`: Uses AWS policy format as of 2012-10-17. * `Statement ID (Sid)`: Label `PublicReadGetObject` identifies this rule. * `Effect`: "Allow" grants permission. * `Principal`: "*" allows everyone public access. * `Action`: "s3:GetObject" permits downloading objects. * `Resource`: Applies to all objects in the bucket mentioned in the policy. 1. Set the bucket policy. Replace `BUCKET_NAME` with your bucket name. ```console $ s3cmd setpolicy public-policy.json s3://BUCKET_NAME ``` 1. Verify the bucket policy if needed. ```console $ s3cmd info s3://BUCKET_NAME ``` 1. Confirm the new policy by accessing the object URL in a browser. > [!NOTE] > If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on [How to Apply CORS Policies to Vultr Object Storage subscription Buckets](https://docs.vultr.com/how-to-apply-cors-policies-to-vultr-object-storage-buckets). === "AWS CLI" 1. Configure the AWS CLI. ```console $ aws configure --profile my-config ``` Follow the prompts and provide Bucket credentials like **Access Key**, **Secret Key**, and **Default Region**. You can retrieve these credentials from Vultr Object Storage subscription **Overview** page. 1. Upload a file to the bucket. Replace `HOSTNAME` with your S3 endpoint hostname, `BUCKET_NAME` with your bucket name, `OBJECT_KEY` with the destination key, and `LOCAL_FILE_PATH` with the local file path. ```console $ aws --endpoint-url https://HOSTNAME --profile my-config s3api put-object --bucket BUCKET_NAME --key OBJECT_KEY --body LOCAL_FILE_PATH ``` 1. Copy the file URL. 1. Access the file in a browser. The output displayed in the image below shows that you've not enabled public access to objects in the bucket. ![Image showing browser output](https://docs.vultr.com/public/doc-assets/collection-items/626/cc6c2861-8d46-4409-8b1f-96668191e1bd.png) 1. Create a new `json` file, such as `public-policy.json` to set up a bucket policy. ```console $ nano public-policy.json ``` 1. Copy the content below and paste it into the `json` file. ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::BUCKET_NAME/*" ] } ] } ``` Replace `BUCKET_NAME` with your bucket name. Save and close the file. 1. Set the policy for the bucket. Replace `HOSTNAME` with your S3 endpoint hostname and `BUCKET_NAME` with your bucket name. ```console $ aws --profile my-config --endpoint-url https://HOSTNAME s3api put-bucket-policy --bucket BUCKET_NAME --policy file://public-policy.json ``` 1. Verify the bucket policy if needed. ```console $ aws --profile my-config --endpoint-url https://HOSTNAME s3api get-bucket-policy --bucket BUCKET_NAME ``` 1. Confirm the new policy by accessing the object URL in a browser. > [!NOTE] > If you want to access objects from another website, you must also apply a CORS (Cross-Origin Resource Sharing) policy. Refer to the guide on [How to Apply CORS Policies to Vultr Object Storage subscription Buckets](https://docs.vultr.com/how-to-apply-cors-policies-to-vultr-object-storage-buckets).