I enabled public access on my bucket's ACL using the Amazon S3 console. Is my bucket open to everyone?

Last updated: 2020-11-09

I used the Amazon Simple Storage Service (Amazon S3) console to update my bucket's access control list (ACL) to allow public access. Can anyone access my bucket?

Resolution

Even if you enable all possible bucket ACL options available in the Amazon S3 console, the ACL alone doesn't allow everyone to download objects from your bucket. However, depending on which option you select, any user could perform these actions:

  • If you select List objects for the Everyone group, then anyone can get a list of objects that are in the bucket.
  • If you select Write objects, then anyone can upload, overwrite, or delete objects that are in the bucket.
  • If you select Read bucket permissions, then anyone can view the bucket's ACL.
  • If you select Write bucket permissions, then anyone can change the bucket's ACL.

For more information, see What permissions can I grant?

To prevent any accidental change to public access on a bucket's ACL, you can configure public access settings for the bucket. If you select Block new public ACLs and uploading public objects, then users can't add new public ACLs or upload public objects to the bucket. If you select Remove public access granted through public ACLs, then all existing or new public access granted by ACLs is respectively overridden or denied.


Did this article help?


Do you need billing or technical support?