Configuring bucket access permissions in Amazon Lightsail
Last updated: March 9, 2022
Use bucket access permissions to control public (unauthenticated) read-only access to objects in a bucket. You can make a bucket private or public (read-only). You can also make a bucket private, while having the option to make individual objects public (read-only).
Important
When you make a bucket public (read-only), you make all objects in the bucket readable by anyone on the internet through the bucket's URL (for example, https://DOC-EXAMPLE-BUCKET.us-east-1.amazonaws.com/media/sailbot.jpg). Don't make a bucket public (read-only) if you don't want anyone on the internet to have access to your objects.
For more information about permission options, see Understanding bucket permissions in Amazon Lightsail. For more information about security best practices, see Security Best Practices for Amazon Lightsail object storage. For more information about buckets, see Object storage in Amazon Lightsail.
Important
Lightsail object storage resources take into account both Lightsail bucket access permissions and Amazon S3 account-level block public access configurations when allowing or denying public access. For more information, see Block public access for buckets in Amazon Lightsail.
Configure bucket access permissions
Complete the following procedure to configure access permissions for a bucket.
Sign in to the Lightsail console.
On the Lightsail home page, choose the Storage tab.
Choose the name of the bucket for which you want to configure access permissions.
Choose the Permissions tab.
The Bucket access permissions section of the page displays the currently configured access permission for the bucket.
Choose Change permission to change the bucket access permissions.
Choose one of the following options:
All objects are private – All objects in the bucket are readable only by you or anyone you give access to.
Individual objects can be made public (read-only) – Objects in the bucket are readable only by you or anyone you give access to, unless you specify an individual object to be public (read-only). For more information about individual object access permissions, see Configuring access permissions for individual objects in a bucket in Amazon Lightsail.
We recommend that you select the Individual objects can be made public (read-only) option only if you have a specific need to do so, such as making only some of the objects in your bucket public while keeping all other objects private. For example, some WordPress plugins require that your bucket allows individual objects to be made public. For more information, see Tutorial: Connecting a WordPress instance to an Amazon Lightsail bucket and Tutorial: Using an Amazon Lightsail bucket with a Lightsail content delivery network distribution.
All objects are public (read-only) – All objects in the bucket are readable by anyone on the internet.
Important
When you make a bucket public (read-only), you make all objects in the bucket readable by anyone on the internet through the bucket's URL (for example, https://DOC-EXAMPLE-BUCKET.us-east-1.amazonaws.com/media/sailbot.jpg). Don't make a bucket public (read-only) if you don't want anyone on the internet to have access to your objects.
Choose Save to save the change. Otherwise, choose Cancel.
The following changes are implemented depending on which bucket access permission you change to:
All objects are private - All objects in the bucket become private even if they were previously configured with a Public (read-only) individual object access permission.
Individual objects can be made public (read-only) - Objects that were previously configured with a Public (read-only) individual object access permission become public. You can now configure individual object access permissions for objects.
All objects are public (read-only) - All objects in the bucket become public (read-only) even if they were previously configured with a Private individual object access permission.
For more information about individual object access permissions, see Configuring access permissions for individual objects in a bucket in Amazon Lightsail.
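The following added example (not part of the original guide) audits the same three settings outside the console and applies the override behavior listed above to a single object. It assumes the `accessRules` fields `getObject` and `allowPublicOverrides` that the Lightsail API returns for each bucket and the `public-read` object ACL, none of which are named on this page; the bucket names and JSON are constructed sample data.

```python
import json

# Constructed sample shaped like `aws lightsail get-buckets` output (trimmed).
SAMPLE_GET_BUCKETS = json.loads("""
{"buckets": [
  {"name": "example-private", "accessRules": {"getObject": "private", "allowPublicOverrides": false}},
  {"name": "example-wordpress", "accessRules": {"getObject": "private", "allowPublicOverrides": true}},
  {"name": "example-public", "accessRules": {"getObject": "public", "allowPublicOverrides": false}}
]}
""")

PRIVATE = "All objects are private"
INDIVIDUAL = "Individual objects can be made public (read-only)"
PUBLIC = "All objects are public (read-only)"


def console_option(rules):
    """Map a bucket's accessRules to the console option it corresponds to."""
    if rules.get("getObject") == "public":
        return PUBLIC
    if rules.get("allowPublicOverrides"):
        return INDIVIDUAL
    return PRIVATE


def object_is_public(rules, object_acl):
    """Bucket-level outcome for one object ACL ("public-read" or "private")."""
    # Account-level block public access can still deny access on top of this.
    option = console_option(rules)
    if option == PUBLIC:
        return True   # overrides a Private individual object permission
    if option == INDIVIDUAL:
        return object_acl == "public-read"
    return False      # overrides a Public (read-only) object permission


def audit(get_buckets_output):
    """Return (name, console option) for every bucket that can expose objects."""
    findings = []
    for bucket in get_buckets_output.get("buckets", []):
        option = console_option(bucket.get("accessRules", {}))
        if option != PRIVATE:
            findings.append((bucket["name"], option))
    return findings


if __name__ == "__main__":
    for name, option in audit(SAMPLE_GET_BUCKETS):
        print(f"{name}: {option}")
```

To run it against a real account, replace the sample with the parsed JSON output of `aws lightsail get-buckets`.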
Managing buckets and objects in Lightsail
These are the general steps to manage your Lightsail object storage bucket:
Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see Object storage in Amazon Lightsail.
Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see Bucket naming rules in Amazon Lightsail.
Get started with the Lightsail object storage service by creating a bucket. For more information, see Creating buckets in Amazon Lightsail.
Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see Security Best Practices for Amazon Lightsail object storage and Understanding bucket permissions in Amazon Lightsail.
After learning about bucket access permissions, see the following guides to grant access to your bucket:
Learn how to enable access logging for your bucket, and how to use access logs to audit the security of your bucket. For more information, see the following guides.
Access logging for buckets in the Amazon Lightsail object storage service
Access log format for a bucket in the Amazon Lightsail object storage service
Enabling access logging for a bucket in the Amazon Lightsail object storage service
Using access logs for a bucket in Amazon Lightsail to identify requests
Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see IAM policy to manage buckets in Amazon Lightsail.
Learn about the way that objects in your bucket are labeled and identified. For more information, see Understanding object key names in Amazon Lightsail.
Learn how to upload files and manage objects in your buckets. For more information, see the following guides.
Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see Enabling and suspending object versioning in a bucket in Amazon Lightsail.
After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see Restoring previous versions of objects in a bucket in Amazon Lightsail.
Monitor the utilization of your bucket. For more information, see Viewing metrics for your bucket in Amazon Lightsail.
Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see Creating bucket metric alarms in Amazon Lightsail.
Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see Changing the plan of your bucket in Amazon Lightsail.
Learn how to connect your bucket to other resources. For more information, see the following tutorials.
Delete your bucket if you're no longer using it. For more information, see Deleting buckets in Amazon Lightsail.