2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Hi, this SCP works for me: (you need an additional s3:PutBucketPublicAccessBlock
)
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutBucketPublicAccessBlock", "s3:PutAccountPublicAccessBlock" ], "Resource": "*", "Effect": "Deny" } ] }
Also note that SCP doesn't apply to the Organization's management account. You can only restrict bucket public access for member accounts.
con risposta 7 mesi fa
0
Just to confirm, this will not impact the existing public accessible S3 bucket and only apply to new bucket, right ?
Right. It will not affect the existing bucket.
In my case, 229660767790-public
and 229660767790-private
are existing buckets before the SCP was applied, and 229660767790-public2
is the new bucket after the SCP was applied.
I failed to make 229660767790-public2
public, but 229660767790-public
is still public.
Nevertheless, you should test this policy yourself before applying to the production.
con risposta 7 mesi fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
Just to confirm, this will not impact the existing public accessible S3 bucket and only apply to new bucket, right ?