This page shows you how to make objects you own readable to everyone on the public internet. To learn how to access data that has been made public, see Accessing Public Data.
When an object is shared publicly, any user with knowledge of the object URI can access the object for as long as the object is public.
Prerequisites
Prerequisites can vary based on the tool used:
Console
In order to complete this guide using the Google Cloud console, you must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you did not create, you might need the project owner to give you a role that contains the necessary permissions.
For a list of permissions required for specific actions, see IAM permissions for the Google Cloud console.
For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.
Command line
In order to complete this guide using a command-line utility, you must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you did not create, you might need the project owner to give you a role that contains the necessary permissions.
For a list of permissions required for specific actions, see IAM permissions for gsutil commands.
For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.
Code samples
In order to complete this guide using the Cloud Storage client libraries, you must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you did not create, you might need the project owner to give you a role that contains the necessary permissions. Unless otherwise noted, client library requests are made through the JSON API.
For a list of permissions required for specific actions, see IAM permissions for JSON methods.
For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.
REST APIs
JSON API
In order to complete this guide using the JSON API, you must have the proper IAM permissions. If the objects or buckets you want to access exist in a project that you did not create, you might need the project owner to give you a role that contains the necessary permissions.
For a list of permissions required for specific actions, see IAM permissions for JSON methods.
For a list of relevant roles, see Cloud Storage roles. Alternatively, you can create a custom role that has specific, limited permissions.
Make individual objects publicly readable
To make individual objects readable to everyone on the public internet:
Console
- In the Google Cloud console, go to the Cloud Storage Browser page.
Click on the name of the bucket that contains the object you want to make public, and navigate to the object if it's in a subdirectory.
Click the more actions menu (
) associated with the object that you want to make public.
Select Edit access from the drop-down menu.
In the overlay that appears, click the + Add entry button.
Add a permission for allUsers.
- Select Public for the Entity.
- Select allUsers for the Name.
- Select Reader for the Access.
Click Save.
Once public access has been granted, Copy URL appears in the public access column. You can click this button to get the public URL for the object.
To learn how to get detailed error information about failed operations in the Cloud Storage browser, see Troubleshooting.
Command line
Use the gsutil acl ch
command:
gsutil acl ch -u AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
Where:
BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the name of the object you want to make public. For example,pets/dog.png
.
If successful, the response looks like the following example:
Updated ACL on gs://my-bucket/pets/dog.png
Code samples
For more information, see the
Cloud Storage C++ API reference documentation.
For more information, see the
Cloud Storage C# API reference documentation.
For more information, see the
Cloud Storage Go API reference documentation.
For more information, see the
Cloud Storage Java API reference documentation.
For more information, see the
Cloud Storage Node.js API reference documentation.
For more information, see the
Cloud Storage PHP API reference documentation.
For more information, see the
Cloud Storage Python API reference documentation.
For more information, see the
Cloud Storage Ruby API reference documentation.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, see API authentication.
Create a JSON file that contains the following information:
{ "entity": "allUsers", "role": "READER" }
Use
cURL
to call the JSON API with anInsert
ACL request:curl -X POST --data-binary @JSON_FILE_NAME \ -H "Authorization: Bearer OAUTH2_TOKEN" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME/acl"
Where:
JSON_FILE_NAME
is the path for the file that you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the URL-encoded name of the object you want to make public. For example,pets/dog.png
, URL-encoded aspets%2Fdog.png
.
XML API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, see API authentication.
Create a XML file that contains the following information:
<AccessControlList> <Entries> <Entry> <Scope type="AllUsers"/> <Permission>READ</Permission> </Entry> </Entries> </AccessControlList>
Use
cURL
to call the XML API with aSet Object ACL
request:curl -X PUT --data-binary @XML_FILE_NAME \ -H "Authorization: Bearer OAUTH2_TOKEN" \ "https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME?acl"
Where:
XML_FILE_NAME
is the path for the file that you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket containing the object you want to make public. For example,my-bucket
.OBJECT_NAME
is the URL-encoded name of the object you want to make public. For example,pets/dog.png
, URL-encoded aspets%2Fdog.png
.
Make all objects in a bucket publicly readable
To make all objects in a bucket readable to everyone on the public internet:
Console
- In the Google Cloud console, go to the Cloud Storage Browser page.
In the list of buckets, click on the name of the bucket that you want to make public.
Select the Permissions tab near the top of the page.
In the Permissions section, click the + Add button.
The Add principals dialog box appears.
In the New principals field, enter
allUsers
.In the Select a role drop down, enter Storage Object Viewer in the filter box and select the Storage Object Viewer from the filtered results.
Click Save.
Click Allow public access.
Once public access has been granted, Copy URL appears for each object in the public access column. You can click this button to get the public URL for the object.
To learn how to get detailed error information about failed operations in the Cloud Storage browser, see Troubleshooting.
Command line
Use the gsutil iam ch
command:
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
Where BUCKET_NAME
is the name of the bucket whose
objects you want to make public. For example, my-bucket
.
Code samples
For more information, see the
Cloud Storage C++ API reference documentation.
For more information, see the
Cloud Storage Go API reference documentation.
For more information, see the
Cloud Storage Java API reference documentation.
For more information, see the
Cloud Storage Node.js API reference documentation.
For more information, see the
Cloud Storage Python API reference documentation.
For more information, see the
Cloud Storage Ruby API reference documentation.
C++
Go
Java
Node.js
Python
Ruby
Terraform
You can use a Terraform resource to make all objects in a bucket public.
REST APIs
JSON API
- Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials. For instructions, see API authentication.
Create a JSON file that contains the following information:
{ "bindings":[ { "role": "roles/storage.objectViewer", "members":["allUsers"] } ] }
Use
cURL
to call the JSON API with aPUT
Bucket request:curl -X PUT --data-binary @JSON_FILE_NAME \ -H "Authorization: Bearer OAUTH2_TOKEN" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/iam"
Where:
JSON_FILE_NAME
is the path for the file that you created in Step 2.OAUTH2_TOKEN
is the access token you created in Step 1.BUCKET_NAME
is the name of the bucket whose objects you want to make public. For example,my-bucket
.
XML API
Making all objects in a bucket publicly readable is not supported by the XML API. Use gsutil or the JSON API instead.
What's next
- Access data that has been made public.
- Learn about more access control options for your buckets and objects.