Introduction
I checked the following four statuses for S3 public access and will summarize them.
- Private bucket and objects
- Objects can be made public
- Public
- Authenticated users of this account only
1. Private Bucket and Objects
When in the following state, Private bucket and objects is displayed:
- Block public access is ON
- No explicit access permitted in the bucket policy
2. Objects Can Be Made Public
When in the following state, Objects can be made public is displayed. At first I thought this meant public access was possible, but it seems an explicit bucket policy change is required. Even though the Japanese text implies public access is possible, access is actually not possible.
- Block public access is OFF
- No explicit access permitted in the bucket policy
3. Public
When in the following state, Public is displayed:
- Block public access is OFF
- Explicit access is permitted in the bucket policy
Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::s3-public-test-1/*"
]
}
]
}
4. Authenticated Users of This Account Only
When in the following state, Authenticated users of this account only is displayed:
- Block public access is ON
- Explicit access is permitted in the bucket policy
