Configure public access control for S3 buckets using CDK
AWS provider the ability to control public access to S3 buckets.
There are four properties that can be set to control public access to S3 buckets:
BlockPublicAcls
: Specifies if Amazon S3 should restrict public access control lists (ACLs) for this bucket and its objectsBlockPublicPolicy
: Specifies if Amazon S3 should restrict public bucket policies for this bucketIgnorePublicAcls
: Specifies if Amazon S3 should ignore public ACLs for this bucket and its objectsRestrictPublicBuckets
: Specifies whether Amazon S3 should restrict public bucket policies for this bucket
You can either configure them individually, or all together using the BlockPublicAccess.BLOCK_ALL
configuration.
Configure Access Control
You can configure access control on the S3 bucket by setting the block_public_access
property of the Bucket
construct to BlockPublicAccess.BLOCK_ALL
.
# filename: cdk_app/s3_stack.py
from aws_cdk import (
Stack,
aws_s3 as s3,
RemovalPolicy,
)
from constructs import Construct
class S3Stack(Stack):
BUCKET_ID = "MyS3Bucket"
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
my_bucket = s3.Bucket(
self,
id=self.BUCKET_ID,
# 👇🏽 Block all public access
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
removal_policy=RemovalPolicy.DESTROY,
)
This block all public access to the bucket and its objects.
Need Help? Open a discussion thread on GitHub.
Related Posts
📄
How to create a Lambda function in a Custom Docker image using AWS CDK in Python
📄
How to create a Lambda function in a ECR Docker image using AWS CDK in Python
📄
Add CORS configuration to a S3 bucket using AWS CDK
📄
How to create a lambda function using AWS CDK in Python
📄
How to import an existing lambda function using AWS CDK in Python