17 lines
959 B
Plaintext
17 lines
959 B
Plaintext
By default S3 buckets are private, it means that only the bucket owner can access it.
|
|
|
|
This access control can be relaxed with ACLs or policies.
|
|
|
|
|
|
To prevent permissive policies to be set on a S3 bucket the following booleans settings can be enabled:
|
|
|
|
* `block_public_acls`: to block or not public ACLs to be set to the S3 bucket.
|
|
* `ignore_public_acls`: to consider or not existing public ACLs set to the S3 bucket.
|
|
* `block_public_policy`: to block or not public policies to be set to the S3 bucket.
|
|
* `restrict_public_buckets`: to restrict or not the access to the S3 endpoints of public policies to the principals within the bucket owner account.
|
|
|
|
The other attribute `BlockPublicAccess.BLOCK_ACLS` only turns on `block_public_acls` and `ignore_public_acls`. The public policies can still affect the S3 bucket.
|
|
|
|
|
|
However, all of those options can be enabled by setting the `block_public_access` property of the S3 bucket to `BlockPublicAccess.BLOCK_ALL`.
|