Block Public Access and Bucket Policies
Prevent accidental public exposure of your S3 objects.
The Most Common Breach
Leaked data from a misconfigured S3 (Simple Storage Service) bucket is one of the most common cloud breaches. A single wrong setting can expose millions of objects to the entire internet.
S3 is private by default, but layers of permissions can accidentally open it. Understanding those layers is essential security knowledge.
Layers of S3 Access
Access to an S3 object can be granted by several mechanisms:
- IAM policies on users and roles.
- Bucket policies attached to the bucket.
- ACLs (access control lists) on buckets and objects.
- Block Public Access settings at the bucket or account level, which override any public grant made by the other layers.
Public exposure usually comes from a bucket policy or ACL gone wrong.
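To make the layering concrete, here is an added example (not part of the original lesson) that audits a bucket policy for statements open to the whole internet and then applies the Block Public Access layer on top. The set of scoping condition keys and the sample policies are constructed for illustration; the key set is a representative subset, not AWS's full definition of "public".

```python
# Condition keys that AWS treats as scoping a wildcard Principal to a fixed set of
# callers (assumption: a representative subset of the real list, for illustration).
SCOPING_KEYS = {"aws:SourceVpc", "aws:SourceVpce", "aws:SourceIp", "aws:SourceArn",
                "aws:SourceAccount", "aws:PrincipalOrgID", "aws:PrincipalArn", "aws:userid"}

# Block Public Access with all four settings enabled (the safe posture for most buckets).
SECURE_BPA = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

def principal_is_wildcard(principal):
    """'*' or {'AWS': '*'} means anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def condition_keys(statement):
    """Flatten {"StringEquals": {"aws:SourceVpce": ...}} into the set of keys used."""
    keys = set()
    for operator_block in statement.get("Condition", {}).values():
        keys.update(operator_block.keys())
    return keys

def public_statements(policy):
    """Sids of Allow statements that grant access to everyone with no scoping condition."""
    found = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not principal_is_wildcard(st.get("Principal")):
            continue
        if not (condition_keys(st) & SCOPING_KEYS):
            found.append(st.get("Sid", f"statement-{i}"))
    return found

def effectively_public(policy, bpa):
    """Block Public Access is the overriding layer: with RestrictPublicBuckets on,
    S3 ignores public grants in the bucket policy, so the objects stay private."""
    return not bpa.get("RestrictPublicBuckets", False) and bool(public_statements(policy))

# Constructed sample policies (example bucket and VPC endpoint names, not real resources).
LEAKY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}
```

Running `public_statements(LEAKY_POLICY)` flags `PublicRead`, while the same policy under `SECURE_BPA` is not effectively public, which is exactly why the Block Public Access layer is the safety net for the other three.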