Grant read-only access to Lightsail buckets across AWS accounts
Use cross-account access to grant read-only access to all objects in a bucket for other
AWS accounts and their users. Cross-account access is ideal if you want to share objects with
another AWS account. When you grant cross-account access to another AWS account, users in
that account have read-only access to objects in a bucket through the URL of the bucket and
objects (for example,
https://amzn-s3-demo-bucket.us-east-1.amazonaws.com/media/sailbot.jpg
). You can
give bucket access to a maximum of 10 AWS accounts.
For more information about permission options, see Bucket permissions. For more information about security best practices, see Security Best Practices for object storage. For more information about buckets, see Object storage.
Configure cross-account access for a bucket
Complete the following procedure to configure cross-account access for a bucket.
-
Sign in to the Lightsail console
. -
In the left navigation pane, choose Storage.
-
Choose the name of the bucket for which you want to configure cross-account access.
-
Choose the Permissions tab.
The Cross-account access section of the page displays the AWS account IDs that are currently configured to access the bucket, if any.
-
Choose Add cross-account access to grant access to the bucket for another AWS account.
-
Enter the ID of the AWS account for which you want to grant access in the Account ID text box.
-
Choose Save to grant access. Otherwise, choose Cancel.
The AWS account ID you added is listed in the Cross-account access section of the page. To remove cross-account access for an AWS account, choose the delete (trash can) icon next to the AWS account ID that you want to remove.