- Block new public ACLs and uploading public objects
- Remove public access granted through public ACLs
- Block all new public bucket policies
- Block public and cross-account access to buckets with public policies

Barr said administrators can apply the settings one way to their entire account and another way to individual buckets. The protections are additive if I set some options at the account level and others for a bucket. If a user creates a new bucket, the original security settings will still apply. However, the user will need to disable or enable the settings manually for any bucket that requires a different level of public access from the rest of the account.

S3 buckets are not accessible to the public by default. However, there have been numerous instances where organizations have misconfigured their S3 buckets, exposing the personal data of hundreds and millions of people as well as data that is critical to organizations' security infrastructure. AWS has taken several steps to address the problem: it has released S3-specific security features and tools, and it has even warned users to lock down their buckets. This is the latest step in that effort.
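
The additive behaviour Barr describes can be checked offline. The sketch below is an added example, not AWS or article code: it merges account-level and bucket-level settings and reports which of the four protections no level enforces. The field names are those of the S3 `PublicAccessBlockConfiguration` API structure; the bucket names, the sample values, and the mapping from field names to the list above are assumptions made for illustration.

```python
# Added example: effective S3 Block Public Access per bucket (constructed data).
# Keys are PublicAccessBlockConfiguration fields; the descriptions are the four
# settings listed above, paired with the fields as this example's assumption.
SETTINGS = {
    "BlockPublicAcls": "Block new public ACLs and uploading public objects",
    "IgnorePublicAcls": "Remove public access granted through public ACLs",
    "BlockPublicPolicy": "Block new public bucket policies",
    "RestrictPublicBuckets": "Block public and cross-account access to buckets with public policies",
}


def effective(account, bucket):
    """Additive merge: a setting is enforced if either level turns it on.

    A level with no configuration at all is passed as None and counts as all-off.
    """
    account, bucket = account or {}, bucket or {}
    return {k: bool(account.get(k)) or bool(bucket.get(k)) for k in SETTINGS}


def audit(account, buckets):
    """Return {bucket_name: [settings not enforced at either level]}."""
    gaps = {}
    for name, cfg in buckets.items():
        missing = [k for k, on in effective(account, cfg).items() if not on]
        if missing:
            gaps[name] = missing
    return gaps


# Constructed sample: the account enforces only the two ACL settings.
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "example-logs": {"BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    "example-website": None,  # no bucket-level configuration set
    # A bucket-level False does not loosen a setting the account enforces.
    "example-backups": {"BlockPublicAcls": False, "BlockPublicPolicy": True},
}

if __name__ == "__main__":
    for bucket, missing in audit(ACCOUNT, BUCKETS).items():
        for key in missing:
            print(f"{bucket}: not enforced -> {SETTINGS[key]}")
```

In a real account the two inputs would come from the account-level and bucket-level public access block configurations rather than from literals.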