| Feature | Requirement for Audio Streaming |
|---|---|
| Action | s3:GetObject |
| Principal | * (for public) or specific CloudFront OAI |
| CORS Configuration | Required for web-based HTML5 players |
| Content-Type | audio/mpeg, audio/wav, or audio/ogg |

What is an S3 Bucket Policy for Audio Streaming?
An S3 bucket policy for audio streaming is a JSON-based access control policy that defines who can retrieve your audio files from Amazon S3. Without the correct policy, your web player will likely encounter 403 Forbidden errors.
When “AWS S3 Audio Not Working” occurs, it is usually because the bucket blocks public access or the IAM permissions do not allow the s3:GetObject action. This policy acts as a gatekeeper, ensuring your website or app can fetch and play the media files.
Streaming specifically requires the player to fetch byte-ranges of the file. If your bucket policy or CORS settings are misconfigured, the browser’s audio tag will fail to initialize the stream, leading to a broken playback experience.
Step-by-Step Solutions
1. Disable Block Public Access
If you want your audio files to be globally accessible via a URL, you must first disable the “Block Public Access” settings on the S3 bucket. Amazon enables these by default for security.
Navigate to the Permissions tab of your bucket, locate Block public access (bucket settings), and click Edit. Uncheck all boxes and save changes.
2. Apply the Public Read Policy
To allow users to stream audio, you need to grant read-only access to the objects inside the bucket. Use the following policy structure in the Bucket Policy editor:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
}
]
}
3. Configure CORS (Cross-Origin Resource Sharing)
Web-based audio players (like those in Chrome or Firefox) often request audio files from a different domain than where the S3 bucket resides. This requires a CORS configuration.
In the S3 Permissions tab, scroll down to Cross-origin resource sharing (CORS) and paste the following:
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "HEAD"],
"AllowedOrigins": ["*"],
"ExposeHeaders": ["ETag", "Content-Type", "Accept-Ranges", "Content-Length"]
}
]
4. Verify Metadata and Content-Type
If the policy is correct but the audio still won’t play, check the Content-Type of your files. S3 sometimes defaults to binary/octet-stream for uploaded files.
For audio to stream correctly in a browser, the metadata must be set to audio/mpeg (for MP3) or audio/wav. You can update this manually in the S3 console under the Properties tab of the specific object.