Reputation: 2315
AWS S3 : is it risky to set "Block all public access" to off?
I want to share some public assets (images and fonts) with anyone who has the URL (read only).
I uploded the files to a new S3 bucket.
In Permissions > Block public access I set everything to Off
In Properties > Static website hosting I configured it as Use this bucket to host a website
Is it risky ? Can anybody write in my bucket because I set Block Public access to Off ?
Upvotes: 3
Views: 1331
Answers (1)
Reputation: 238299
This is normally done when setting bucket in website mode. From docs:
To make your bucket publicly readable, you must disable block public access settings for the bucket
What others can do, depends on bucket policy. For website, it should only allow read only access:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
As you can see, the policy allows only s3:GetObject. s3:PutObject is not included which would allow writing to the bucket.
Upvotes: 2
Related Questions
- AWS S3 make public via ACL disabled?
- Turning off public access to AWS S3 bucket
- What combination of Block Public Access settings makes my s3 bucket viewable to everyone?
- After fully blocking public access to s3, Even admin users is not able to access it
- What does these settings mean for Block Public Access settings in S3?
- Is an Amazon S3 publicly readable bucket bad
- Should I make my S3 bucket public for static site hosting?
- Does static hosting make S3 bucket overwrite "Block public access" settings for bucket?
- AWS s3 "public access"
- AWS S3 ACL public-read-write: security concern