Configure public access control for S3 buckets using CDK
AWS provider the ability to control public access to S3 buckets.
There are four properties that can be set to control public access to S3 buckets:
BlockPublicAcls: Specifies if Amazon S3 should restrict public access control lists (ACLs) for this bucket and its objects
BlockPublicPolicy: Specifies if Amazon S3 should restrict public bucket policies for this bucket
IgnorePublicAcls: Specifies if Amazon S3 should ignore public ACLs for this bucket and its objects
RestrictPublicBuckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket
You can either configure them individually, or all together using the
Configure Access Control
You can configure access control on the S3 bucket by setting the
block_public_access property of the
Bucket construct to
# filename: cdk_app/s3_stack.py from aws_cdk import ( Stack, aws_s3 as s3, RemovalPolicy, ) from constructs import Construct class S3Stack(Stack): BUCKET_ID = "MyS3Bucket" def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) my_bucket = s3.Bucket( self, id=self.BUCKET_ID, # 👇🏽 Block all public access block_public_access=s3.BlockPublicAccess.BLOCK_ALL, removal_policy=RemovalPolicy.DESTROY, )
This block all public access to the bucket and its objects.