‹ Return to How tos

Configuring access permissions for individual objects in a bucket in Amazon Lightsail

Last updated: April 14, 2023

Use individual object access permissions to control public (unauthenticated) read-only access to individual objects in a bucket. You can make individual objects in a bucket private or public (read-only).

Important

Individual object access permissions can be configured only when the access permission of a bucket is set to Individual objects can be made public (read-only). For more information about bucket permission options, see Understanding bucket permissions in Amazon Lightsail. For more information about buckets, see Object storage in Amazon Lightsail.

We recommend that you configure individual object access permissions only if you have a specific need to do so, such as making only some of the objects in your bucket public while keeping all other objects private. For example, some WordPress plugins require that your bucket allows individual objects to be made public. For more information, see Tutorial: Connecting a WordPress instance to an Amazon Lightsail bucket and Tutorial: Using an Amazon Lightsail bucket with a Lightsail content delivery network distribution.

For more information about permission options, see Understanding bucket permissions in Amazon Lightsail. For more information about security best practices, see Security Best Practices for Amazon Lightsail object storage. For more information about buckets, see Object storage in Amazon Lightsail.

Configure individual object access permissions

Complete the following procedure to configure access permissions for an individual object in a bucket. For an example IAM policy that grants a user the ability to manage a bucket in Lightsail, see , IAM policy to manage buckets in Amazon Lightsail.

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose the Storage tab.

  3. Choose the name of the bucket for which you want to configure access permissions for an individual object.

  4. Choose the Objects tab.

  5. Add a check mark next to the object for which you want to configure an access permission.

    The object information pane displays the current access permissions for the object.

  6. Choose Edit in the Permissions section of the object information pane to change the access permission for the object.

    Note

    If the edit option is not available, then the access permission of your bucket does not allow for individual object access permissions to be configured. To configure individual object access permissions, the bucket access permission must be set to Individual objects can be made public (read-only). For more information, see Configuring bucket access permissions in Amazon Lightsail.

  7. Choose one of the following options in the Select a permission dropdown menu:

    • Private – The object is readable only by you or anyone you give access to.

    • Public (read-only) – The object is readable by anyone in the world.

  8. Choose Save to save the change. Otherwise, choose Cancel.

    The Bucket access permission setting of the bucket has the following effects on individual object access permissions:

    • If you change the bucket access permission to All objects are private, all objects in the bucket become private even if they were configured with a Public (read-only) individual object access permission. However, individual object access permissions that were configured are retained. For example, if you change the bucket access permission back to Individual objects can be made public (read-only), all objects with a Public (read-only) individual access permission become publicly readable again.

    • If you change the bucket access permission to All objects are public (read-only), all objects in the bucket become public (read-only), even if they were configured with a Private individual object access permission.

      For more information about bucket access permissions, see Configuring bucket access permissions in Amazon Lightsail.

Managing buckets and objects in Lightsail

These are the general steps to manage your Lightsail object storage bucket:

  1. Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see Object storage in Amazon Lightsail.

  2. Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see Bucket naming rules in Amazon Lightsail.

  3. Get started with the Lightsail object storage service by creating a bucket. For more information, see Creating buckets in Amazon Lightsail.

  4. Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see Security Best Practices for Amazon Lightsail object storage and Understanding bucket permissions in Amazon Lightsail.

    After learning about bucket access permissions, see the following guides to grant access to your bucket:

  5. Learn how to enable access logging for your bucket, and how to use access logs to audit the security of your bucket. For more information, see the following guides.

  6. Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see IAM policy to manage buckets in Amazon Lightsail.

  7. Learn about the way that objects in your bucket are labeled and identified. For more information, see Understanding object key names in Amazon Lightsail.

  8. Learn how to upload files and manage objects in your buckets. For more information, see the following guides.

  9. Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see Enabling and suspending object versioning in a bucket in Amazon Lightsail.

  10. After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see Restoring previous versions of objects in a bucket in Amazon Lightsail.

  11. Monitor the utilization of your bucket. For more information, see Viewing metrics for your bucket in Amazon Lightsail.

  12. Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see Creating bucket metric alarms in Amazon Lightsail.

  13. Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see Changing the plan of your bucket in Amazon Lightsail.

  14. Learn how to connect your bucket to other resources. For more information, see the following tutorials.

  15. Delete your bucket if you're no longer using it. For more information, see Deleting buckets in Amazon Lightsail.