2 Answers
0
Hi, this SCP works for me: (you need an additional s3:PutBucketPublicAccessBlock)

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutBucketPublicAccessBlock",
        "s3:PutAccountPublicAccessBlock"
      ],
      "Resource": "*",
      "Effect": "Deny"
    }
  ]
}
```

Also note that SCP doesn't apply to the Organization's management account. You can only restrict bucket public access for member accounts.
answered 7 months ago
0
Just to confirm, this will not impact the existing publicly accessible S3 bucket and will only apply to new buckets, right?
Right. It will not affect the existing bucket.
In my case, 229660767790-public and 229660767790-private are existing buckets from before the SCP was applied, and 229660767790-public2 is the new bucket created after the SCP was applied.
I failed to make 229660767790-public2 public, but 229660767790-public is still public.
Nevertheless, you should test this policy yourself before applying it to production.
answered 7 months ago
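Because the SCP denies s3:PutBucketPublicAccessBlock, member accounts can no longer change a bucket's Block Public Access flags once it is attached, so existing buckets are worth auditing first. The following is an added example, not code from either answer: it lists buckets whose four flags are not all enabled. The function names and the sample bucket names are constructed for illustration; `collect` assumes a boto3 S3 client with read access.

```python
"""Audit S3 Block Public Access flags before attaching the deny SCP (added example)."""

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def missing_flags(config):
    """Return the flags that are not enabled.

    `config` is the PublicAccessBlockConfiguration dict returned by
    get_public_access_block, or None when the bucket has no configuration.
    """
    config = config or {}
    return [flag for flag in PAB_FLAGS if not config.get(flag, False)]


def audit(bucket_configs):
    """Map each bucket that is not fully blocked to its missing flags."""
    findings = {}
    for name, config in sorted(bucket_configs.items()):
        gaps = missing_flags(config)
        if gaps:
            findings[name] = gaps
    return findings


def collect(s3):
    """Read live settings with a boto3 S3 client (read-only calls)."""
    from botocore.exceptions import ClientError
    configs = {}
    for bucket in s3.list_buckets()["Buckets"]:
        try:
            resp = s3.get_public_access_block(Bucket=bucket["Name"])
            configs[bucket["Name"]] = resp["PublicAccessBlockConfiguration"]
        except ClientError as err:
            # A bucket with no configuration at all raises this error code.
            if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
                raise
            configs[bucket["Name"]] = None
    return configs


# Constructed sample input (placeholder bucket names, not real buckets).
SAMPLE = {
    "example-public": None,
    "example-private": dict.fromkeys(PAB_FLAGS, True),
    "example-partial": {**dict.fromkeys(PAB_FLAGS, True), "BlockPublicPolicy": False},
}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE).items():
        print(f"{name}: not enabled -> {', '.join(gaps)}")
```

Against a live account, pass `collect(boto3.client("s3"))` to `audit` instead of `SAMPLE`.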