Posted On: Nov 15, 2018

With the introduction of Amazon S3 Block Public Access, securing your S3 data has never been easier. With a few clicks in the S3 management console, you can apply S3 Block Public Access to every bucket in your account – both existing and any new buckets created in the future – and make sure that there is no public access to any object. By default, new S3 bucket settings do not allow public access, but customers can modify these settings to grant public access using policies or object-level permissions. The Amazon S3 Block Public Access settings override S3 permissions that allow public access, making it easy for the account administrator to set up a centralized control that prevents variation in security configuration regardless of how an object is added or a bucket is created. As a further layer of control, these settings can be audited using AWS Trusted Advisor bucket permission checks, AWS CloudTrail logs, and Amazon CloudWatch.

Once a customer enables the Amazon S3 Block Public Access settings, the settings make sure that existing and newly created resources block policies or ACLs that allow public access. For example, an administrator can now block public access at the account level to prevent their developers from granting public access to any S3 bucket or object within that account. Alternatively, they could apply the Amazon S3 Block Public Access settings to an individual bucket to prevent public access to any new objects within that bucket. AWS recommends applying S3 Block Public Access settings to any S3 bucket or AWS account that does not require public access.
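The account-level and bucket-level controls described above combine, and an audit has to evaluate both. The following is an added example, not code from AWS or from this announcement: it computes the settings in force for each bucket and lists the gaps. It assumes the four flag names of the S3 `PublicAccessBlockConfiguration` structure and the documented rule that S3 applies the most restrictive combination of the two levels; the bucket names, sample values and the `allow_public` parameter are constructed for illustration.

```python
# Added example (not AWS code): audit S3 Block Public Access coverage offline.
# Inputs are PublicAccessBlockConfiguration dicts, as returned by the
# get-public-access-block calls for the account and for each bucket.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")

def effective(account_cfg, bucket_cfg):
    """Flags in force for one bucket: a flag applies if it is enabled at
    either level, since the most restrictive combination wins.
    None means no configuration exists at that level."""
    account_cfg = account_cfg or {}
    bucket_cfg = bucket_cfg or {}
    return {f: bool(account_cfg.get(f)) or bool(bucket_cfg.get(f))
            for f in FLAGS}

def audit(account_cfg, buckets, allow_public=()):
    """Return {bucket: [flags not in force]} for every bucket that is not
    fully covered. Buckets named in allow_public (hypothetical allowlist of
    buckets that are meant to be public) are skipped."""
    findings = {}
    for name, cfg in sorted(buckets.items()):
        if name in allow_public:
            continue
        missing = [f for f, on in effective(account_cfg, cfg).items() if not on]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample data: the account blocks ACL-based access only.
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "example-logs": dict.fromkeys(FLAGS, True),   # fully blocked at bucket level
    "example-static-site": None,                  # no bucket-level settings
    "example-uploads": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                        "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    for bucket, gaps in audit(ACCOUNT, BUCKETS).items():
        print(f"{bucket}: not enforced -> {', '.join(gaps)}")
```

With all four flags enabled at the account level the audit returns no findings, whatever the individual buckets specify.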

You can use Amazon S3 Block Public Access in the AWS China (Beijing) region, operated by Sinnet, and in the AWS China (Ningxia) region, operated by NWCD.

Please visit the Amazon S3 Developer Guide to learn more about Amazon S3 Block Public Access.

These features are available today through the AWS Management Console, AWS CLI, or AWS SDK.