AWS's latest S3 Block Public Access feature

AWS has introduced a feature that blocks public access to S3 buckets.

The new feature will allow users of Amazon S3 to block public access both to newly created items and to items that already have public access enabled through an ACL or a policy. The goal is to block unintentional access to S3 data.

The feature will work at the account level as well as at the level of individual S3 buckets. It can be accessed using the CLI, the S3 API, the S3 Console, and from within CloudFormation templates.

Notably, AWS had already introduced a "Public" indicator shown next to S3 bucket items/objects that have public access.

Jeff Barr, Chief Evangelist for AWS, said in the blog post, "Newly created Amazon S3 buckets and objects are (and always have been) private and protected by default, with the option to use Access Control Lists (ACLs) and bucket policies to grant access to other AWS accounts or to public (anonymous) requests. The ACLs and policies give you lots of flexibility. You can grant permissions to multiple accounts, restrict access to specific IP addresses, require the use of Multi-Factor Authentication (MFA), allow other accounts to upload new objects to a bucket, and much more." He further added, "We want to make sure that you use public buckets and objects as needed while giving you tools to make sure that you don’t make them publicly accessible due to a simple mistake or misunderstanding."

There are now two options for managing public ACLs and two for managing public bucket policies. Below is the list of S3 APIs that can be used with this new security feature:
  • GetPublicAccessBlock – Retrieve the public access block options for an account or a bucket.
  • PutPublicAccessBlock – Set the public access block options for an account or a bucket.
  • DeletePublicAccessBlock – Remove the public access block options from an account or a bucket.
  • GetBucketPolicyStatus – See if the bucket access policy is public or not.

The feature is available immediately in all AWS regions.
The detailed blog post can be found here.
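
As an added example (not code from AWS or from the original post), the sketch below takes the configurations that GetPublicAccessBlock returns at the account and bucket levels and reports which settings are not in force for each bucket. The four setting names come from the S3 API rather than from this post, the bucket names and sample values are constructed, and `fetch_bucket_config` assumes a boto3 S3 client is passed in.

```python
# The four PublicAccessBlockConfiguration settings in the S3 API:
# two for public ACLs, two for public bucket policies.
SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample data; the bucket names are hypothetical.
SAMPLE_ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                  "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SAMPLE_BUCKETS = {
    "example-logs": {s: True for s in SETTINGS},
    "example-assets": None,  # no bucket-level configuration set
    "example-site": {"BlockPublicPolicy": True},
}


def effective_config(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of the two levels,
    so a setting is in force if either level enables it."""
    account_cfg, bucket_cfg = account_cfg or {}, bucket_cfg or {}
    return {s: bool(account_cfg.get(s) or bucket_cfg.get(s)) for s in SETTINGS}


def audit(account_cfg, bucket_cfgs):
    """Return {bucket: [settings not in force]} for buckets with gaps."""
    gaps = {}
    for bucket, cfg in bucket_cfgs.items():
        effective = effective_config(account_cfg, cfg)
        missing = [s for s in SETTINGS if not effective[s]]
        if missing:
            gaps[bucket] = missing
    return gaps


def fetch_bucket_config(s3_client, bucket):
    """GetPublicAccessBlock through a boto3 S3 client; None if unset."""
    from botocore.exceptions import ClientError  # needed only for live use
    try:
        resp = s3_client.get_public_access_block(Bucket=bucket)
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise
    return resp["PublicAccessBlockConfiguration"]


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_ACCOUNT, SAMPLE_BUCKETS).items():
        print(f"{name}: not enforced -> {', '.join(missing)}")
```

A bucket with no configuration of its own still inherits whatever the account level enables, which is why `example-assets` is flagged only for the two policy settings.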

Mandar Pise. Opinions expressed by TechSutram contributors are their own.
