AWS strains to make Simple Storage Service not so simple to screw up
2022-12-14 21:30

"We want to make sure that you use public buckets and objects as needed, while giving you tools to make sure that you don't make them publicly accessible due to a simple mistake or misunderstanding," the company explained as it introduced Amazon S3 Block Public Access, a way to block public access to S3 buckets through the S3 management console.

That's when AWS announced "a couple new features that simplify access management for data stored in Amazon Simple Storage Service."

Basically, AWS in 2011 rolled out AWS Identity and Access Management to set policies defining permissions and control access to buckets and objects in Amazon S3. The result was too many ways to control S3 bucket access: IAM policies, S3 bucket policies, S3 Access Point policies, S3 Block Public Access, and ACLs.

Amazon explained at the time, "This simplifies access management for data stored in Amazon S3" - which, allow us to remind you, stands for Simple Storage Service.

What this means is it won't be simple to create an S3 storage bucket with public access by accident.

These security-best-practice defaults - already in place for buckets created via the S3 management console - will soon apply to all new buckets, whether they've been created via the AWS command line interface, APIs, SDKs, or AWS CloudFormation.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/14/aws_simple_storage_service_simplified/