Grant public access to individual bucket objects in Amazon Lightsail - Amazon Lightsail

Grant public access to individual bucket objects in Amazon Lightsail

Use individual object access permissions to control public (unauthenticated) read-only access to individual objects in a bucket. You can make individual objects in a bucket private or public (read-only).

Important

Individual object access permissions can be configured only when the access permission of a bucket is set to Individual objects can be made public (read-only). For more information about bucket permission options, see Bucket permissions. For more information about buckets, see Object storage.

We recommend that you configure individual object access permissions only if you have a specific need to do so, such as making only some of the objects in your bucket public while keeping all other objects private. For example, some WordPress plugins require that your bucket allows individual objects to be made public. For more information, see Tutorial: Connect a bucket to your WordPress instance and Tutorial: Use a bucket with a content delivery network distribution.

For more information about permission options, see Bucket permissions. For more information about security best practices, see Security Best Practices for object storage. For more information about buckets, see Object storage.

Configure individual object access permissions

Complete the following procedure to configure access permissions for an individual object in a bucket. For an example IAM policy that grants a user the ability to manage a bucket in Lightsail, see , IAM policy to manage buckets.

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose the Storage tab.

  3. Choose the name of the bucket for which you want to configure access permissions for an individual object.

  4. Choose the Objects tab.

  5. Add a check mark next to the object for which you want to configure an access permission.

    The object information pane displays the current access permissions for the object.

  6. Choose Edit in the Permissions section of the object information pane to change the access permission for the object.

    Note

    If the edit option is not available, then the access permission of your bucket does not allow for individual object access permissions to be configured. To configure individual object access permissions, the bucket access permission must be set to Individual objects can be made public (read-only). For more information, see Configure bucket access permissions.

  7. Choose one of the following options in the Select a permission dropdown menu:

    • Private – The object is readable only by you or anyone you give access to.

    • Public (read-only) – The object is readable by anyone in the world.

  8. Choose Save to save the change. Otherwise, choose Cancel.

    The Bucket access permission setting of the bucket has the following effects on individual object access permissions:

    • If you change the bucket access permission to All objects are private, all objects in the bucket become private even if they were configured with a Public (read-only) individual object access permission. However, individual object access permissions that were configured are retained. For example, if you change the bucket access permission back to Individual objects can be made public (read-only), all objects with a Public (read-only) individual access permission become publicly readable again.

    • If you change the bucket access permission to All objects are public (read-only), all objects in the bucket become public (read-only), even if they were configured with a Private individual object access permission.

      For more information about bucket access permissions, see Configure bucket access permissions.