安全改进解读:S3将阻止Public公开访问和禁用文件ACL两项功能作为新创建存储桶时候的默认设置

摘要:本文介绍了2023年以来S3将阻止Public公开访问和禁用文件ACL两项功能作为新创建存储桶时候的默认设置这一变化由此带来的安全方面的改进。同时,介绍了在此场景下如何配置存储桶公开对外发布数据。

一、背景

在S3控制台上,可以看到如下信息:

The S3 Block Public Access and S3 Object Ownership features provide settings to manage public access and object ownership for your Amazon S3 resources. All Block Public Access settings are enabled by default, and all new buckets, access points, and objects do not allow public access. By default, Object Ownership is set to bucket owner enforced, which disables the use of access control lists (ACLs).

These default settings have been in place in the S3 console since 2018 and 2021, respectively, and are recommended security best practices. Since April 2023, these default settings apply to all new buckets, regardless of how they are created. If you require public access, you can edit the Block Public Access settings, and grant access by using bucket policies. Unless you need to control access for each object individually, using ACLs to grant access isn't recommended. For more information, see Access control best practices.

以上两项功能,分别推出与2018年和2021年,之前是可选配置,目前成为了新建存储桶Bucket时候的默认配置。本文对这两个功能的使用进行介绍。

Continue reading “安全改进解读:S3将阻止Public公开访问和禁用文件ACL两项功能作为新创建存储桶时候的默认设置”