AWS Amazon S3 Bucket Public Access Block

This page shows how to write Terraform and CloudFormation for Amazon S3 Bucket Public Access Block and how to write them securely.

aws_s3_bucket_public_access_block (Terraform)

The Bucket Public Access Block in Amazon S3 can be configured in Terraform with the resource name aws_s3_bucket_public_access_block. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

aws_s3_bucket_public_access_block.tf#L2
resource "aws_s3_bucket_public_access_block" "s3_access_logs" {
  bucket                  = aws_s3_bucket.s3_access_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
test.tf#L5
resource "aws_s3_bucket_public_access_block" "mycompliants6281_publicaccess" {
  bucket = aws_s3_bucket.mycompliants6281.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  # restrict_public_buckets is not set in this snippet; the provider defaults it to false
}
s3.tf#L85
resource "aws_s3_bucket_public_access_block" "prod_media" {
  bucket                  = aws_s3_bucket.prod_media.id
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
S3.tf#L21
resource "aws_s3_bucket_public_access_block" "block_main_bucket" {
  bucket                  = aws_s3_bucket.main_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
main.tf#L21
resource "aws_s3_bucket_public_access_block" "access_good_1" {
  bucket = aws_s3_bucket.bucket_good_1.id

  block_public_acls   = true
  block_public_policy = true
  # ignore_public_acls and restrict_public_buckets are not set here; both default to false,
  # so an existing public ACL or public bucket policy on this bucket would still be honored
}

Parameters

Explanation in Terraform Registry

Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

AWS::S3::Bucket PublicAccessBlockConfiguration (CloudFormation)

The Bucket PublicAccessBlockConfiguration in S3 is configured in CloudFormation as the PublicAccessBlockConfiguration property of the AWS::S3::Bucket resource (referred to on this page as AWS::S3::Bucket PublicAccessBlockConfiguration); it is not a stand-alone resource type. The following sections describe how to use the property and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

BlockPublicAcls Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
  • PUT Object calls fail if the request includes a public ACL.
  • PUT Bucket calls fail if the request includes a public ACL.

Enabling this setting doesn't affect existing policies or ACLs.
Required: No
Type: Boolean
Update requires: No interruption

BlockPublicPolicy Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
Required: No
Type: Boolean
Update requires: No interruption

IgnorePublicAcls Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
Required: No
Type: Boolean
Update requires: No interruption

RestrictPublicBuckets Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
Required: No
Type: Boolean
Update requires: No interruption

Explanation in CloudFormation Registry

The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
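
The four parameters above split into two write-time settings (BlockPublicAcls and BlockPublicPolicy reject new public grants but leave existing ones untouched) and two evaluation-time settings (IgnorePublicAcls and RestrictPublicBuckets neutralize grants that are already stored). The last Terraform example on this page enables only the two write-time settings, so a bucket that already carried a public ACL would stay readable. The following Python model is an added example for this page; it is not code from the page, from the quoted repositories, or from AWS. It encodes the documented behaviour of each setting as a small simulation so the difference can be exercised offline. The configurations are constructed; their dict shape mirrors the response of boto3's get_public_access_block, but nothing here calls AWS, and the "AccessDenied" string is just the modeled outcome of a rejected call.

```python
"""Simulation of the four S3 Public Access Block settings (added example)."""
from dataclasses import dataclass

# Key names as used by the S3 API and CloudFormation (Terraform uses snake_case).
ALL_FOUR = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def parse_pab(response):
    """Extract the four booleans from a get_public_access_block-shaped dict.

    A missing key is treated as False, which is also the effective state of
    a bucket that has no PublicAccessBlock configuration at all.
    """
    cfg = response.get("PublicAccessBlockConfiguration", {})
    return {key: bool(cfg.get(key, False)) for key in ALL_FOUR}


def missing_settings(response):
    """Names of the settings that are not enabled; an empty list means fully blocked."""
    return [key for key, on in parse_pab(response).items() if not on]


@dataclass
class Bucket:
    pab: dict
    public_acl: bool = False     # an ACL grant to AllUsers/AuthenticatedUsers is stored
    public_policy: bool = False  # a bucket policy with a wildcard principal is stored


def put_public_acl(bucket):
    """PutBucketAcl/PutObjectAcl carrying a public ACL: rejected only by BlockPublicAcls."""
    if bucket.pab["BlockPublicAcls"]:
        return "AccessDenied"
    bucket.public_acl = True
    return "OK"


def put_public_policy(bucket):
    """PutBucketPolicy with a public policy: rejected only by BlockPublicPolicy."""
    if bucket.pab["BlockPublicPolicy"]:
        return "AccessDenied"
    bucket.public_policy = True
    return "OK"


def anonymous_read_allowed(bucket):
    """Would an unauthenticated GetObject succeed through the stored public grants?

    IgnorePublicAcls suppresses an existing public ACL; RestrictPublicBuckets
    limits a public policy to the bucket owner's account and AWS service
    principals. The two Block* settings play no part here: they only stop
    new public grants from being written.
    """
    acl_grants = bucket.public_acl and not bucket.pab["IgnorePublicAcls"]
    policy_grants = bucket.public_policy and not bucket.pab["RestrictPublicBuckets"]
    return acl_grants or policy_grants


def scenario(config, public_acl=False, public_policy=False):
    """Run the write attempts and the read check against a bucket in the given starting state."""
    bucket = Bucket(parse_pab(config), public_acl, public_policy)
    return {
        "missing": missing_settings(config),
        "put_public_acl": put_public_acl(bucket),
        "put_public_policy": put_public_policy(bucket),
        "anonymous_read": anonymous_read_allowed(bucket),
    }


# Constructed configurations (assumed inputs, not taken from any real account).
# BLOCK_ONLY mirrors the last Terraform example above, which sets only
# block_public_acls and block_public_policy.
NO_BLOCK = {"PublicAccessBlockConfiguration": {}}
BLOCK_ONLY = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "BlockPublicPolicy": True}}
ALL_ON = {"PublicAccessBlockConfiguration": {key: True for key in ALL_FOUR}}

if __name__ == "__main__":
    for name, cfg in (("no block", NO_BLOCK), ("block only", BLOCK_ONLY), ("all four", ALL_ON)):
        # Start each run with a public ACL already stored on the bucket.
        print(f"{name:10s} {scenario(cfg, public_acl=True)}")
```

Running it shows the point of enabling all four: with BLOCK_ONLY the two PUT calls are rejected, yet anonymous_read stays True because the pre-existing ACL is still honored; only ALL_ON turns it False. In a real audit the same parse_pab/missing_settings logic would be fed the response of get_public_access_block, treating a NoSuchPublicAccessBlockConfiguration error as the NO_BLOCK case.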

Frequently asked questions

What is AWS Amazon S3 Bucket Public Access Block?

AWS Amazon S3 Bucket Public Access Block is a resource for Amazon S3 of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon S3 Bucket Public Access Block?

For Terraform, the semnil/terraform-aws-example, SonarSource/sonar-iac and skoleapp/skole-infra source code examples are useful. See the Example Usage from GitHub section under the Terraform resource above for further details.