Activate it now! Block all public access to your S3 data, now and in the future.
Store your data in Amazon S3 and secure it from unauthorized access with S3 Block Public Access. Amazon S3 is the only object storage service that allows you to block public access to all of your objects at the bucket or the account level, now and in the future by using S3 Block Public Access. This feature is available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.
To ensure that public access to all your S3 buckets and objects is blocked, turn on block all public access. These settings apply account-wide for all current and future buckets. With a few clicks in the S3 management console, you can apply S3 Block Public Access to every bucket in your account – both existing and any new buckets created in the future – and make sure that there is no public access to any object.
In addition to Block Public Access, it is recommended that you set up default encryption for S3 buckets.
S3 Block Public Access
S3 Block Public Access provides controls across an entire Amazon Web Services Account or at the individual S3 bucket level to ensure that objects never have public access, now and in the future.
Public access is granted to buckets and objects through access control lists (ACLs), bucket policies, or both. In order to ensure that public access to all your S3 buckets and objects is blocked, turn on block all public access at the account level. These settings apply account-wide for all current and future buckets.
Amazon Web Services recommends that you turn on Block all public access, but before applying any of these settings, ensure that your applications will work correctly without public access. If you require some level of public access to your buckets or objects, you can customize the individual settings below to suit your specific storage use cases.
S3 Block Public Access settings override S3 permissions that allow public access, making it easy for the account administrator to set up a centralized control to prevent variation in security configuration regardless of how an object is added or a bucket is created.
If an object is written to an Amazon Web Services Account or S3 bucket with S3 Block Public Access enabled, and that object specifies any type of public permissions via ACL or policy, those public permissions are blocked.
In addition to the S3 console, you can enable S3 Block Public Access via the Amazon CLI, SDKs, or REST APIs. Detailed instructions for either option are available in the S3 Block Public Access documentation. Remember that you can always check for public buckets in the S3 Console (we flag buckets with objects containing public permissions prominently there), and you can also use Amazon Trusted Advisor’s S3 Bucket Permissions Check to notify you of any open buckets at no cost to you.
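The following Python audit is an added example, not code from Amazon Web Services. It reports where public access is still possible when the account-level and bucket-level settings differ, relying on the fact that S3 applies the most restrictive combination of the two levels. It assumes the four field names of the `PublicAccessBlockConfiguration` API structure, which this page does not list; the bucket names and values are constructed sample data.

```python
# Added example: audit Block Public Access (BPA) coverage for an account.
# Inputs mirror the PublicAccessBlockConfiguration returned by the S3
# GetPublicAccessBlock API at account and bucket level; None = none set.

SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def effective(account_cfg, bucket_cfg):
    """A setting is in force for a bucket if either level enables it,
    because S3 applies the most restrictive combination of the two."""
    account_cfg, bucket_cfg = account_cfg or {}, bucket_cfg or {}
    return {s: bool(account_cfg.get(s) or bucket_cfg.get(s)) for s in SETTINGS}


def audit(account_cfg, buckets):
    """Report where public access is still possible.

    account_gaps: settings off at account level, so buckets created in
                  the future are not covered by them.
    bucket_gaps:  per existing bucket, settings off at both levels.
    """
    account_gaps = [s for s in SETTINGS if not (account_cfg or {}).get(s)]
    bucket_gaps = {}
    for name, cfg in sorted(buckets.items()):
        eff = effective(account_cfg, cfg)
        missing = [s for s in SETTINGS if not eff[s]]
        if missing:
            bucket_gaps[name] = missing
    return {"account_gaps": account_gaps, "bucket_gaps": bucket_gaps}


# Constructed sample data (bucket names are hypothetical).
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "logs-archive": {s: True for s in SETTINGS},  # fully blocked on the bucket
    "static-site": None,                          # no bucket-level settings
    "partner-drop": {"BlockPublicPolicy": True},  # only one setting on
}

if __name__ == "__main__":
    report = audit(ACCOUNT, BUCKETS)
    print("Not enforced account-wide:", report["account_gaps"])
    for bucket, missing in report["bucket_gaps"].items():
        print(f"{bucket}: {missing}")
```

The input dictionaries can be collected with `aws s3control get-public-access-block --account-id <account-id>` for the account and `aws s3api get-public-access-block --bucket <bucket-name>` for each bucket.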
Learn how to turn S3 Block Public Access on.
Intended Usage and Restrictions
Your use of this service is subject to the Amazon Web Services Customer Agreement.