- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello.
I can't find the resource type "AWS::S3::AccountPublicAccessBlock" in the documentation, but is it a commonly used resource type?
I thought maybe it's not supported by CloudFormation.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/AWS_S3.html
I thought that if I were to use CloudFormation, I would need to create a custom resource and create a Lambda that executes things like "put_public_access_block()".
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3control/client/put_public_access_block.html#
Hi There
AWS::S3::AccountPublicAccessBlock
is not a valid CloudFormation resource type. You wont be able to put an account level public access block using CloudFormation.
Here are the supported ways of applying an account-level block: https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html
For example, you can use the CLI via the s3control
api. See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3control/put-public-access-block.html.
Once you set Block Public Access on the accounts, you can add an SCP to disallow changes to this configuration.
See this previous post which details the SCP: https://repost.aws/questions/QUUsKRARa1TmywIed1_9JpbA/scp-to-enable-block-s3-public-access
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 3 Jahren