Configure public access control for S3 buckets using CDK
AWS provides the ability to control public access to S3 buckets.
There are four properties that can be set to control public access to S3 buckets:
BlockPublicAcls: Specifies if Amazon S3 should restrict public access control lists (ACLs) for this bucket and its objects
BlockPublicPolicy: Specifies if Amazon S3 should restrict public bucket policies for this bucket
IgnorePublicAcls: Specifies if Amazon S3 should ignore public ACLs for this bucket and its objects
RestrictPublicBuckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket
You can either configure them individually, or all together using the BlockPublicAccess.BLOCK_ALL configuration.
Configure Access Control
You can configure access control on the S3 bucket by setting the block_public_access property of the Bucket construct to BlockPublicAccess.BLOCK_ALL.
```python
# filename: cdk_app/s3_stack.py
from aws_cdk import (
    Stack,
    aws_s3 as s3,
    RemovalPolicy,
)
from constructs import Construct


class S3Stack(Stack):
    BUCKET_ID = "MyS3Bucket"

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        my_bucket = s3.Bucket(
            self,
            id=self.BUCKET_ID,
            # 👇🏽 Block all public access
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            removal_policy=RemovalPolicy.DESTROY,
        )
```
This blocks all public access to the bucket and its objects.
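BLOCK_ALL synthesizes to an AWS::S3::Bucket resource whose PublicAccessBlockConfiguration sets all four flags to true; a bucket configured with only some of the individual properties, or with none, leaves gaps. The following added check (not part of the original post) walks a CloudFormation template such as the output of `cdk synth` and reports every bucket that does not enable all four flags. The template below is constructed for the example and is not a real synth output.

```python
# The four PublicAccessBlockConfiguration flags that BlockPublicAccess.BLOCK_ALL sets to true.
REQUIRED_FLAGS = (
    "BlockPublicAcls",
    "BlockPublicPolicy",
    "IgnorePublicAcls",
    "RestrictPublicBuckets",
)


def find_buckets_without_block_all(template: dict) -> dict:
    """Return {logical_id: [flags missing or not true]} for every
    AWS::S3::Bucket in the template that does not enable all four flags."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties", {}) or {}
        pab = props.get("PublicAccessBlockConfiguration", {}) or {}
        # A flag that is absent, false, or a non-boolean value counts as not enabled.
        missing = [flag for flag in REQUIRED_FLAGS if pab.get(flag) is not True]
        if missing:
            findings[logical_id] = missing
    return findings


# Constructed sample template, shaped like `cdk synth` output (not a real one).
SAMPLE_TEMPLATE = {
    "Resources": {
        # What BLOCK_ALL on the Bucket construct produces.
        "MyS3Bucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
        # Only two of the four properties set individually.
        "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "IgnorePublicAcls": True}}},
        # No block configuration at all.
        "LegacyBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        # Non-bucket resources are skipped.
        "Role": {"Type": "AWS::IAM::Role", "Properties": {}},
    }
}

if __name__ == "__main__":
    for bucket, flags in find_buckets_without_block_all(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: missing {', '.join(flags)}")
```

Run it against the JSON in cdk.out to catch a bucket that drifted from BLOCK_ALL before deploying.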