- Newest
- Most votes
- Most comments
Hi,
Please read the following approaches:
Modifying Through AWS Management Console:
You can modify the access control settings of S3 buckets directly through the AWS Management Console. This includes changing permissions, adding bucket policies, modifying CORS configurations, etc.
However, modifying the configuration directly through the console does not update the CloudFormation template that was originally used to create the bucket. This means there's a risk of configuration drift, where the actual configuration of the bucket does not match the state defined in the CloudFormation template.
If you later update the stack using the original or a modified CloudFormation template, changes made directly through the console may be overwritten.
Modifying Through CloudFormation:
Updating the bucket configuration through CloudFormation is generally considered best practice in environments where infrastructure is managed as code. This ensures that the CloudFormation template always accurately reflects the state of the infrastructure.
To modify the configuration, you would update the CloudFormation template with the desired changes and then apply that update to the existing CloudFormation stack.
One potential issue with this approach is that certain changes might require resource replacement. However, for many properties of the S3 bucket resource in CloudFormation, such as updating access control, the update is applied without replacing the bucket, so your data remains intact.
Relevant content
- Accepted Answerasked 5 months ago
- Accepted Answerasked 6 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago