Configure public access control for S3 buckets using CDK
AWS provides the ability to control public access to S3 buckets.
There are four properties that can be set to control public access to S3 buckets:
BlockPublicAcls: Specifies if Amazon S3 should restrict public access control lists (ACLs) for this bucket and its objects
BlockPublicPolicy: Specifies if Amazon S3 should restrict public bucket policies for this bucket
IgnorePublicAcls: Specifies if Amazon S3 should ignore public ACLs for this bucket and its objects
RestrictPublicBuckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket
You can either configure them individually, or all together using the BlockPublicAccess.BLOCK_ALL configuration.
Configure Access Control
You can configure access control on the S3 bucket by setting the block_public_access property of the Bucket construct to BlockPublicAccess.BLOCK_ALL.
# filename: cdk_app/s3_stack.py
from aws_cdk import (
    Stack,
    aws_s3 as s3,
    RemovalPolicy,
)
from constructs import Construct


class S3Stack(Stack):
    BUCKET_ID = "MyS3Bucket"

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        my_bucket = s3.Bucket(
            self,
            id=self.BUCKET_ID,
            # 👇🏽 Block all public access
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            removal_policy=RemovalPolicy.DESTROY,
        )
This blocks all public access to the bucket and its objects.
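One way to check the result, as an added example that is not part of the original post: the function below reads a synthesized CloudFormation template, such as the JSON that `cdk synth` writes to `cdk.out`, and reports every `AWS::S3::Bucket` whose `PublicAccessBlockConfiguration` does not set all four properties to a literal `true`. The sample template and its logical IDs are constructed for illustration.

```python
import json

# The four settings named above, as they appear in a synthesized template under
# the AWS::S3::Bucket property PublicAccessBlockConfiguration.
REQUIRED = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")


def audit_template(template: dict) -> dict:
    """Map each bucket's logical ID to the settings that are not literally true."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        config = props.get("PublicAccessBlockConfiguration") or {}
        # Only a literal JSON true counts; a missing key, false, or an
        # intrinsic such as {"Ref": ...} cannot be verified statically.
        gaps = [name for name in REQUIRED if config.get(name) is not True]
        if gaps:
            findings[logical_id] = gaps
    return findings


# Constructed sample template (not real cdk synth output).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LockedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "BlockPublicPolicy": true,
        "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "AclOnlyBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "IgnorePublicAcls": true}}},
    "ParamBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "BlockPublicPolicy": {"Ref": "BlockPolicy"},
        "IgnorePublicAcls": true, "RestrictPublicBuckets": false}}},
    "BareBucket": {"Type": "AWS::S3::Bucket"},
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")

if __name__ == "__main__":
    for bucket, gaps in audit_template(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: not set to true in template -> {', '.join(gaps)}")
```

A finding means the template does not explicitly declare the setting as true; it says nothing about account-level settings applied outside the stack.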