I was watching the AWS CLI lecture and I noticed that when Ryan created an S3 bucket from the CLI, it appeared that the default bucket permission was "Objects can be public". However, if you create an S3 bucket from the console, my understanding was that the default permission was everything is private. Do the two creation methods have different defaults?
1 Answers
Hi Mark,
I’ve tested this in my own account for you. By interrogating the ‘get-public-access-block’ api call, it seems that when an S3 bucket is created via the CLI, no public access block configuration is created, unless you specify it. When I enable public access block and then remove it, I can see the equivalent of an explicit allow.
So rather, Public access is not enabled by default on buckets created in the console, but is enabled when created via CLI.
[[email protected] ~]$ aws s3 mb s3://publicblocktest123
make_bucket: publicblocktest123
[[email protected] ~]$ aws s3api get-public-access-block --bucket publicblocktest123
An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the GetPublicAccessBlock operation: The public access block configuration was not found
I then disabled and enabled public block access
[[email protected] ~]$ aws s3api get-public-access-block --bucket publicblocktest123
{ "PublicAccessBlockConfiguration":
{
"IgnorePublicAcls": false,
"BlockPublicPolicy": false,
"BlockPublicAcls": false,
"RestrictPublicBuckets": false
}
}