By default, S3 buckets are private: only the bucket owner can access them.

This access control can be relaxed with ACLs or policies.

To prevent permissive policies or ACLs from being set on an S3 bucket, the following boolean settings can be enabled:

* `blockPublicAcls`: whether to block public ACLs from being set on the S3 bucket.
* `ignorePublicAcls`: whether to ignore existing public ACLs set on the S3 bucket.
* `blockPublicPolicy`: whether to block public policies from being set on the S3 bucket.
* `restrictPublicBuckets`: whether to restrict access to the S3 endpoints of buckets with public policies to the principals within the bucket owner account.

The other attribute `BlockPublicAccess.BLOCK_ACLS` only turns on `blockPublicAcls` and `ignorePublicAcls`. Public policies can still affect the S3 bucket.

However, all of those options can be enabled by setting the `blockPublicAccess` property of the S3 bucket to `BlockPublicAccess.BLOCK_ALL`.
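
An added example, not part of the original text: a JavaScript check that reads a synthesized CloudFormation template and reports, for each S3 bucket, which of the four settings above are not enabled. The sample template and its logical IDs are constructed for illustration, and `auditPublicAccessBlock` is a hypothetical helper name.

```javascript
// CloudFormation property names under PublicAccessBlockConfiguration.
const REQUIRED = [
  "BlockPublicAcls",
  "IgnorePublicAcls",
  "BlockPublicPolicy",
  "RestrictPublicBuckets",
];

// Report findings with the camelCase names used in the text above.
const toCamel = (name) => name[0].toLowerCase() + name.slice(1);

// Only a literal true (or the string "true") counts as enabled; a missing
// key, false, or an unresolved intrinsic function is treated as not enabled.
const isEnabled = (value) => value === true || value === "true";

function auditPublicAccessBlock(template) {
  const findings = [];
  for (const [logicalId, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== "AWS::S3::Bucket") continue;
    const cfg = (res.Properties || {}).PublicAccessBlockConfiguration || {};
    const missing = REQUIRED.filter((k) => !isEnabled(cfg[k])).map(toCamel);
    if (missing.length > 0) findings.push({ bucket: logicalId, missing });
  }
  return findings;
}

// Constructed sample: no configuration, ACL settings only (what BLOCK_ACLS
// turns on), and all four settings (what BLOCK_ALL turns on).
const SAMPLE_TEMPLATE = {
  Resources: {
    LogsBucket: { Type: "AWS::S3::Bucket", Properties: {} },
    AssetsBucket: {
      Type: "AWS::S3::Bucket",
      Properties: {
        PublicAccessBlockConfiguration: { BlockPublicAcls: true, IgnorePublicAcls: true },
      },
    },
    DataBucket: {
      Type: "AWS::S3::Bucket",
      Properties: {
        PublicAccessBlockConfiguration: {
          BlockPublicAcls: true, IgnorePublicAcls: true,
          BlockPublicPolicy: true, RestrictPublicBuckets: true,
        },
      },
    },
    WorkQueue: { Type: "AWS::SQS::Queue" },
  },
};

for (const f of auditPublicAccessBlock(SAMPLE_TEMPLATE)) {
  console.log(`${f.bucket}: not enabled -> ${f.missing.join(", ")}`);
}
```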