Welcome to Amazon S3
Introduction to Amazon S3
Making Requests
- Making Requests using AWS SDKs
- Making Requests using the REST API
Working with Amazon S3 Buckets
- Bucket Restrictions and Limitations
- Bucket Configuration Options
  - Buckets and Regions
- Managing Bucket Website Configuration
- Requester Pays Buckets
  - Configure Requester Pays by Using the Amazon S3 Console
  - Configure Requester Pays Using REST API
- Buckets and Access Control
- Billing and Reporting of Buckets
Working with Amazon S3 Objects
- Object Key and Metadata
- Object Subresources
- Object Versioning
- Object Lifecycle Management
- Enabling Cross-Origin Resource Sharing
- Operations on Objects
  - Multipart Upload Overview
- Getting Objects
- Uploading Objects
- Copying Objects
  - Copying Objects in a Single Operation
  - Copying Objects Using the Multipart Upload API
- Listing Object Keys
- Deleting Objects
  - Deleting One Object Per Request
  - Deleting Multiple Objects Per Request
- Restoring Objects
Access Control
- Using IAM Policies
  - An Example: Using IAM policies to control access to your bucket
- Using Bucket Policies
- Using ACLs
- Using ACLs and Bucket Policies Together
- Using Query String Authentication
Data Protection
- Using Data Encryption
  - Using Server-Side Encryption
  - Using Client-Side Encryption
    - Specifying Client-Side Encryption Using the AWS SDK for Java
      - Customizing Your Client-Side Encryption Environment
- Using Reduced Redundancy Storage
  - Setting the Storage Class of an Object You Upload
  - Changing the Storage Class of an Object in Amazon S3
    - Return Code For Lost Data
- Using Versioning
Hosting a Static Website on Amazon S3
- Website Endpoints
- Configure a Bucket for Website Hosting
- Example Walkthroughs
  - Example: Setting Up a Static Website
  - Example: Setting Up a Static Website Using a Custom Domain
Setting Up Notification of Bucket Events
Request Routing
- Request Redirection and the REST API
- DNS Considerations
Performance Optimization
- TCP Window Scaling
- TCP Selective Acknowledgement
Using BitTorrent with Amazon S3
- How You are Charged for BitTorrent Delivery
- Using BitTorrent to Retrieve Objects Stored in Amazon S3
- Publishing Content Using Amazon S3 and BitTorrent
Using Amazon DevPay with Amazon S3
- Amazon S3 Customer Data Isolation
- Amazon DevPay Token Mechanism
- Amazon S3 and Amazon DevPay Authentication
- Amazon S3 Bucket Limitation
- Amazon S3 and Amazon DevPay Process
- Additional Information
Handling Errors
- The REST Error Response
  - Error Response
- The SOAP Error Response
- Amazon S3 Error Best Practices
Server Access Logging
- Server Access Logging Configuration API
- Delivery of Server Access Logs
- Server Access Log Format
- Setting Up Server Access Logging
Using the AWS SDKs and Explorers
- Using the AWS SDK for Java
- Using the AWS SDK for .NET
- Using the AWS SDK for PHP
- Using the AWS SDK for Ruby
- Using the AWS SDK for Python (Boto)
Appendices
- Appendix A: The Access Policy Language
- Appendix B: Using the SOAP API
Amazon S3 Resources
Document History
Glossary
Index

AWS Documentation » Amazon Simple Storage Service (S3) » Developer Guide » Hosting a Static Website on Amazon S3 » Configure a Bucket for Website Hosting » Permissions Required for Website Access	« Previous Next »
	Did this page help you? Yes \| No \| Tell us about it...

Permissions Required for Website Access

When you configure a bucket as a website, you must make the objects that you want to serve publicly readable. To do so, you write a bucket policy that grants everyone s3:GetObject permission. On the website endpoint, if a user requests an object that does not exist, Amazon S3 returns HTTP response code 404 (Not Found). If the object exists but you have not granted read permission on the object, the website endpoint returns HTTP response code 403 (Access Denied). The user can use the response code to infer if a specific object existsor not. If you do not want this behavior, you should not enable website support for your bucket.

The following sample bucket policy grants everyone access to the objects in the specified folder. For more information on bucket policies, see Using Bucket Policies.

{
  "Version":"2008-10-17",
  "Statement":[{
	"Sid":"PublicReadGetObject",
        "Effect":"Allow",
	  "Principal": {
            "AWS": "*"
         },
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::example-bucket/*"
      ]
    }
  ]
}

Note

The bucket policy applies only to objects owned by the bucket owner. If your bucket contains objects not owned by the bucket owner, then public READ permission on those objects should be granted using the object ACL.

You can grant public read permission to your objects by using either a bucket policy or an object ACL. To make an object publicly readable using an ACL, you grant READ permission to the AllUsers group as shown in the following grant element. You add this grant element to the object ACL. For information on managing ACLs, see Using ACLs .

<Grant>
  <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="Group">
    <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
  </Grantee>
  <Permission>READ</Permission>
</Grant>

Document Conventions	« Previous Next »
Terms of Use	Did this page help you? Yes \| No \| Tell us about it...

Warning

Javascript is disabled or is unavailable in your browser.
To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.