How to disable Internet wide access to the S3 bucket in AWS

Riyaz Walikar


AWS allows bucket owners to make a bucket accessible over the Internet. Any Internet-based user, regardless of whether they are authenticated with AWS, can then make HTTP requests and access the bucket and its objects via a browser.

An Internet-located attacker can therefore access the bucket with any user agent or with the AWS CLI. If the publicly accessible bucket holds sensitive or critical data, that data is available to attackers without any authentication. Depending on the quantity and type of data uncovered, Internet-located attackers may be able to perform additional attacks within the target AWS environment.

Steps to disable Internet wide access to the S3 bucket using AWS console

  1. Log in to your AWS account and navigate to the S3 dashboard.

  2. Click on Buckets in the left navigation panel.


  3. Select the bucket to modify.


  4. Click on the Permissions tab.


  5. Click on Edit under Block public access (bucket settings).


  6. Check the Block all public access checkbox.


  7. Click on Save changes.


  8. Type confirm to confirm the access permission changes, then click on the Confirm button.
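
The console steps above can also be checked and applied through the S3 API. The following is an added example, not part of the original article: it assumes boto3 with credentials allowed to call `s3:GetBucketPublicAccessBlock` and `s3:PutBucketPublicAccessBlock`, and the bucket names and sample responses are constructed.

```python
# The four settings that the console's "Block all public access" checkbox enables.
REQUIRED = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_blocks(response):
    """Settings not enabled in a GetPublicAccessBlock response.
    Pass None when the bucket has no configuration at all."""
    cfg = (response or {}).get("PublicAccessBlockConfiguration") or {}
    return [name for name in REQUIRED if cfg.get(name) is not True]

def audit(responses):
    """Map bucket -> missing settings, only for buckets not fully blocked."""
    findings = {}
    for bucket, response in responses.items():
        gaps = missing_blocks(response)
        if gaps:
            findings[bucket] = gaps
    return findings

def fetch(bucket, client):
    """Read the live setting; a bucket with no configuration yields None."""
    from botocore.exceptions import ClientError
    try:
        return client.get_public_access_block(Bucket=bucket)
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise

def enforce(bucket, client):
    """Equivalent of steps 5 to 8: turn on all four settings."""
    client.put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={name: True for name in REQUIRED},
    )

# Constructed sample responses (bucket names are made up).
SAMPLE = {
    "example-logs": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    "example-site": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    "example-legacy": None,
}

if __name__ == "__main__":
    for bucket, gaps in audit(SAMPLE).items():
        print(f"{bucket}: not fully blocked, missing {', '.join(gaps)}")
```

Against a real account, pass `boto3.client("s3")` as `client` and build the audit input with `fetch` for each bucket name.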

