AWS: Will block all bucket public access affect the access from other AWS accounts?

0
votes

I have a bucket that is accessible from some people in my org and has an Access control list configuration to allow access from another AWS account (read and write).

I don't want anyone to be able to put objects with public ACLs. So I read about the "block public access" at the bucket level. You can choose to block only bucket policies or ACLs policies, there are 4 options. I want to block public objects ACL but if I choose this option it will block the access from the external AWS account? I am confused by the concepts of object ACL and bucket ACL.

2
amazon-web-servicesamazon-s3

2 Answers

3
votes

None of the Block Public Access options will block authenticated access to the S3 bucket. They only impact unauthenticated (public) access.

In your case, I'm assuming that you don't want to allow any public access to the bucket or objects, so enable the top-level checkbox (for all blocking features).

1
votes

If you have users who are accessing the objects via IAM credentials, then the Block Public Access settings will not apply.

Thus, keeping it turned on will prevent them from accidentally making an object public, and they can still keep accessing objects as they do currently, using their AWS credentials.