Fixing Laravel S3 Bucket Public URL: Correct AWS Policy and Hosting Setup

Learn how to configure your AWS S3 bucket and Laravel correctly to generate accessible public URLs, avoiding common 403 Forbidden errors.
---
This video is based on the question https://stackoverflow.com/q/79363229/ asked by the user 'randeepsarma24' ( https://stackoverflow.com/u/14120802/ ) and on the answer https://stackoverflow.com/a/79364101/ provided by the user 'Denis Sinyukov' ( https://stackoverflow.com/u/19045519/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Why is my laravel s3 bucket publicly accessible url not working?

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/l...
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license.

If anything seems off to you, please feel free to drop me a comment under this video.
---
Understanding the Problem

When you upload files to an AWS S3 bucket via Laravel and specify public visibility, you expect to access these files through a public URL. However, receiving a 403 Forbidden response often points to issues with bucket policies, access controls, or URL misconfigurations.

Why the Default Bucket Policy Fails

Your current bucket policy allows all s3:* actions on instagramclone123/*, but this is overly broad and can be problematic. Specifically:

It grants all S3 actions (including write, delete, etc.) to everyone, which is a security risk.

It may conflict with AWS permissions designed to restrict access.

Without the right GetObject permission explicitly allowed for public users, files cannot be publicly read.

Correct Approach: Public Read-Only Policy

To enable public read access to files:

[[See Video to Reveal this Text or Code Snippet]]

This policy allows anyone to read objects (s3:GetObject) but nothing else.

Steps to Enable Public Access in AWS S3

Update Bucket Policy

Replace your existing overly permissive policy with the above public read-only one.

Enable Static Website Hosting (Optional but Helpful for Public URLs)

Go to your S3 bucket in AWS Management Console.

Select the Properties tab.

Scroll to Static website hosting, click Edit, and enable it.

Choose "Use this bucket to host a website".

Set an Index document (usually index.html) and an Error document if needed.

Laravel Storage & URL Setup

When uploading files:

[[See Video to Reveal this Text or Code Snippet]]

To retrieve the public URL:

[[See Video to Reveal this Text or Code Snippet]]

Make sure you are not using local storage URLs (http://localhost:8000/storage/...) for S3 files. Instead, always use the URL provided by Storage::disk('s3')->url() which points directly to AWS.

Additional Tips

Avoid using local storage URLs for S3 assets; those point to your local filesystem.

Do not mix the local public/storage symlink with S3 URLs—they are for different storage drivers.

Confirm that your bucket Block Public Access settings allow public reads.

Ensure the uploaded object ACL is set to public-read.

Summary

By tightening your S3 bucket policy for public read access, enabling static website hosting (optional), and correctly obtaining URLs from Laravel's S3 disk driver, you can serve uploaded files publicly without encountering 403 errors.