2 Answers
0
Hi, this SCP works for me: (you need an additional s3:PutBucketPublicAccessBlock)

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutBucketPublicAccessBlock",
        "s3:PutAccountPublicAccessBlock"
      ],
      "Resource": "*",
      "Effect": "Deny"
    }
  ]
}
```

Also note that SCP doesn't apply to the Organization's management account. You can only restrict bucket public access for member accounts.
Answered 8 months ago
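A pre-deployment check for an SCP like the one in the answer above, as an added example that is not part of the original post: it reports which of the two Public Access Block actions a policy document fails to deny unconditionally. The function names and the `ACCOUNT_ONLY` variant are constructed for illustration.

```python
import fnmatch
import json

# The two Public Access Block write actions named in the answer above.
REQUIRED = ("s3:PutBucketPublicAccessBlock", "s3:PutAccountPublicAccessBlock")

def _as_list(value):
    """Policy fields may hold a single item or a list of items."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def undenied_actions(policy_json, required=REQUIRED):
    """Return required actions not covered by an unconditional Deny on Resource "*"."""
    policy = json.loads(policy_json)
    missing = set(required)
    for stmt in _as_list(policy.get("Statement")):
        # Statements using NotAction are skipped (no "Action" key).
        if stmt.get("Effect") != "Deny" or "Action" not in stmt:
            continue
        # Conservative assumption: a Condition or a narrowed Resource
        # is treated as not being a blanket deny.
        if stmt.get("Condition") or "*" not in _as_list(stmt.get("Resource")):
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        for action in list(missing):
            # Action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                missing.discard(action)
    return sorted(missing)

# The SCP from the answer, re-typed as a string.
SCP_FROM_ANSWER = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Action": list(REQUIRED), "Resource": "*", "Effect": "Deny"}],
})
# Constructed variant that lacks the bucket-level action.
ACCOUNT_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Action": "s3:PutAccountPublicAccessBlock",
                   "Resource": "*", "Effect": "Deny"}],
})

if __name__ == "__main__":
    for name, doc in (("answer", SCP_FROM_ANSWER), ("account-only", ACCOUNT_ONLY)):
        print(name, "-> not denied:", undenied_actions(doc))
```
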
0
Just to confirm, this will not impact the existing publicly accessible S3 buckets and will only apply to new buckets, right?
Right. It will not affect the existing bucket.
In my case, 229660767790-public and 229660767790-private are existing buckets from before the SCP was applied, and 229660767790-public2 is the new bucket created after the SCP was applied.
I failed to make 229660767790-public2 public, but 229660767790-public is still public.
Nevertheless, you should test this policy yourself before applying it to production.
Answered 8 months ago