try this policy ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::instagramclone123/*" ] } ] } ```
1. Go to the “Properties” tab of your bucket 2. Click on Edit in the “Static website hosting” and choose Enable. 3. From there, select “Use this bucket to host a website” and enter the “Index document” and “Error document” fields.
Once you’ve completed these steps, your S3 bucket should be publicly accessible. You can test this by visiting the bucket’s URL in your web browser.

TLDR To create a bucket nowadays (alternative to acl `public-read` option): ``` #!/bin/bash
bucket_name="my-unique-name" aws s3api create-bucket --bucket "${bucket_name}" > /dev/null # 1 aws s3api put-public-access-block --bucket "${bucket_name}" --public-access-block-configuration "BlockPublicPolicy=false" # 2 aws s3api put-bucket-policy --bucket "${bucket_name}" --policy '{ "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::'"${bucket_name}"'/*" ] } ] }' # 3 ``` **What changed**?

1 - Since [25.04.2023][1] Amazon changed default settings for newly created buckets. The ACL on buckets was considered as wrong practice ([here][2] is some nice post about that). To discourage using them the option **BucketOwnerEnforced** started to be the default one.
> BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer affect permissions. The bucket owner automatically owns and has full control over every object in the bucket. The bucket only accepts PUT requests that don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format.
``` $ aws s3api get-bucket-ownership-controls --bucket "${bucket_name}"
{ "OwnershipControls": { "Rules": [ { "ObjectOwnership": "BucketOwnerEnforced" } ] } } ```
2 - Without **BlockPublicPolicy** we won't be able to set public access to the bucket. In case of acl `authenticated-read` (not 100% sure thought) make sure [RestrictPublicBuckets][3] is set to false as well.
3 - For `public` or `write` acl, policy needs to be changed accordingly (**PutObject**)
Of course nothing stops you for using ACL, what you need to do is set **BucketOwnerPreferred** or **ObjectWriter** for your bucket.
``` $ aws s3api put-bucket-ownership-controls --bucket "${bucket_name}" --ownership-controls="Rules=[{ObjectOwnership=BucketOwnerPreferred}]" $ aws s3api put-bucket-acl --bucket "${bucket_name}" --acl public-read ```

[1]: https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/ [2]: https://www.puppeteers.net/blog/how-to-disable-s3-bucket-acls/ [3]: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-public-access-block.html#options