2 Answers
0
Hi, this SCP works for me: (you need an additional s3:PutBucketPublicAccessBlock)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutBucketPublicAccessBlock",
        "s3:PutAccountPublicAccessBlock"
      ],
      "Resource": "*",
      "Effect": "Deny"
    }
  ]
}

Also note that SCP doesn't apply to the Organization's management account. You can only restrict bucket public access for member accounts.
answered 7 months ago
0
Just to confirm, this will not impact the existing publicly accessible S3 buckets and will only apply to new buckets, right?
Right. It will not affect the existing bucket.
In my case, 229660767790-public and 229660767790-private are existing buckets from before the SCP was applied, and 229660767790-public2 is the new bucket created after the SCP was applied.
I failed to make 229660767790-public2 public, but 229660767790-public is still public.
Nevertheless, you should test this policy yourself before applying it to production.
answered 7 months ago
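Added example, not part of either answer and not AWS's own evaluation logic: a simplified Python model of how the Deny statement in the SCP from the first answer applies to a few constructed requests. It shows that the policy only gates calls that change Block Public Access (BPA) settings, which is why settings already stored on an existing bucket stay as they are, and that the management account is exempt. The request list and the function names are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# SCP copied from the first answer.
SCP = json.loads("""
{ "Version": "2012-10-17",
  "Statement": [ { "Action": [ "s3:PutBucketPublicAccessBlock",
                               "s3:PutAccountPublicAccessBlock" ],
                   "Resource": "*", "Effect": "Deny" } ] }
""")

def scp_denies(scp, action, management_account=False):
    """Simplified model (assumption): explicit Deny matched on Action only.

    Resource is "*" in this SCP and there is no Condition, so neither is
    evaluated. Action names are compared case-insensitively, with wildcards.
    """
    if management_account:
        return False  # SCPs do not apply to the management account
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            return True
    return False

# Constructed requests: (label, IAM action, made from the management account?)
REQUESTS = [
    ("member changes bucket BPA", "s3:PutBucketPublicAccessBlock", False),
    ("member changes account BPA", "s3:PutAccountPublicAccessBlock", False),
    ("member reads bucket BPA", "s3:GetBucketPublicAccessBlock", False),
    ("member edits bucket policy", "s3:PutBucketPolicy", False),
    ("management changes bucket BPA", "s3:PutBucketPublicAccessBlock", True),
]

def evaluate(requests, scp=SCP):
    """Map each request label to 'DENY' or 'not denied by this SCP'."""
    return {label: "DENY" if scp_denies(scp, action, mgmt)
            else "not denied by this SCP"
            for label, action, mgmt in requests}

if __name__ == "__main__":
    for label, verdict in evaluate(REQUESTS).items():
        print(f"{verdict:24} {label}")
```

Requests reported as "not denied by this SCP" still depend on IAM and bucket policies; the model only answers whether this one SCP blocks them.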