AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

What is the default S3 bucket permission when the bucket is created from the AWS CLI?

I was watching the AWS CLI lecture and I noticed that when Ryan created an S3 bucket from the CLI, it appeared that the default bucket permission was "Objects can be public".  However, if you create an S3 bucket from the console, my understanding was that the default permission was everything is private.  Do the two creation methods have different defaults?

1 Answers

Hi Mark,

I’ve tested this in my own account for you. By interrogating the ‘get-public-access-block’ api call, it seems that when an S3 bucket is created via the CLI, no public access block configuration is created, unless you specify it. When I enable public access block and then remove it, I can see the equivalent of an explicit allow.

So rather, Public access is not enabled by default on buckets created in the console, but is enabled when created via CLI.

[ec2-user@ip-172-31-41-17 ~]$ aws s3 mb s3://publicblocktest123

make_bucket: publicblocktest123

[ec2-user@ip-172-31-41-17 ~]$ aws s3api get-public-access-block --bucket publicblocktest123

An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the GetPublicAccessBlock operation: The public access block configuration was not found

I then disabled and enabled public block access

[ec2-user@ip-172-31-41-17 ~]$ aws s3api get-public-access-block --bucket publicblocktest123 

 "PublicAccessBlockConfiguration": 

 "IgnorePublicAcls": false, 

 "BlockPublicPolicy": false, 

 "BlockPublicAcls": false, 

 "RestrictPublicBuckets": false 

 } 

 }

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?