Configuring S3 Block Public Access
Configure S3 Block Public Access
With just a few selects in the S3 management console, you can apply S3 Block Public Access to any bucket in your account – both existing buckets and any buckets any new ones created in the future – while ensuring that there is no public access to any objects. S3 Block Public Access settings replace the S3 permission for public access, making it easy for account administrators to set up centralized controls to prevent changes in security configurations, no matter how the added object or how to create a storage area.
Practice
-
Access to S3
- Select sid-security-xxxxxxxx
-
Select Permissions
- In the Bucket Policy section, select Delete
- Fill in Delete and select Delete to confirm the deletion.
-
In the Block public access (bucket settings) section
- Select Edit
-
Make edits
- Select Block public access to buckets and objects granted through new access control lists (ACLs)
- Select Save changes
- Fill in confirm and then select Confirm
- After the change, we observe that Block all public access is On
- Return to SSH interface
aws s3api put-object --key text01 --body textfile --profile user1 --bucket ${bucket}
The request succeeds because default for an ACL object is private.
- Continue running the command
aws s3api put-object --key text01 --body textfile --acl public-read --profile user1 --bucket ${bucket}
The request failed because group policy restricts the ACL from being read publicly.
-
Perform access to S3
- Select Buckets
- Select sid-security-xxx bucket
-
In the exchange bucket
- Select Permissions
- For Block public access (bucket settings), select Edit
-
Make edits
- Select Block public access to buckets and objects granted through new access control lists (ACLs)
- Select Save changes
- Fill in confirm and select Confirm
- Finish editing.
