13 days ago
Hi Railway Team,
I am using Railway’s built-in S3-compatible storage (Tigris) via the provided
credentials and endpoint (t3.storageapi.dev).
I am successfully uploading objects using the AWS SDK with:
- ACL: public-read
- Correct Content-Type
- Correct object key
- Correct public URL format
Upload succeeds without error, but accessing the object directly via browser
always returns:
AccessDenied (anonymous GetObject)
Example URL:
Important details:
- I do NOT have access to the bucket console or bucket policy
- I only have credentials (access key, secret, endpoint)
- Signed URLs work correctly (temporary access)
- Direct public access never works, even with public-read ACL
My question:
1. Does Railway/Tigris block public bucket access at the bucket policy level by default?
2. Are object ACLs intentionally ignored or overridden?
3. Is there any supported way to allow permanent public access to objects?
4. If not, is Railway S3 intended to be private-only storage?
I want to confirm whether infinite public URLs are supported or impossible
with Railway’s S3 storage.
Thanks!
1 Replies
13 days ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • 13 days ago
13 days ago
Hey,
Yes, railway currently does not have public bucket support. Hence changing ACL rules etc won't have any effect.
You can have a backend handle all the access to the bucket. Essentially acting as a proxy and handling permissions etc. You can also make presigned URLs and simply renew them every X time.
At the moment it is intended to be private, but if I recall correctly, it will support public buckets in the future potentially. There are concerns about moderation etc.