2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi, this SCP works for me: (you need an additional s3:PutBucketPublicAccessBlock
)
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutBucketPublicAccessBlock", "s3:PutAccountPublicAccessBlock" ], "Resource": "*", "Effect": "Deny" } ] }
Also note that SCP doesn't apply to the Organization's management account. You can only restrict bucket public access for member accounts.
répondu il y a 7 mois
0
Just to confirm, this will not impact the existing public accessible S3 bucket and only apply to new bucket, right ?
Right. It will not affect the existing bucket.
In my case, 229660767790-public
and 229660767790-private
are existing buckets before the SCP was applied, and 229660767790-public2
is the new bucket after the SCP was applied.
I failed to make 229660767790-public2
public, but 229660767790-public
is still public.
Nevertheless, you should test this policy yourself before applying to the production.
répondu il y a 7 mois
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 6 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- Comment puis-je accorder l’accès public en lecture à certains objets de mon compartiment Amazon S3 ?AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Just to confirm, this will not impact the existing public accessible S3 bucket and only apply to new bucket, right ?