在帐户级别阻止 S3 public 访问
Block S3 public access at account level
有没有办法使用云形成在帐户级别阻止 public 对 s3 的访问?我尝试将此块添加到我的 CF 模板,但它失败了,说无法创建资源。它是否期望这仅在存储桶级别完成?浏览 AWS UI 时,有一种方法可以在帐户级别阻止它,我正在尝试使用 CF 进行复制。
# Block S3 public access
BlockS3PublicAccess:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: True
BlockPublicPolicy: True
IgnorePublicAcls: True
RestrictPublicBuckets: True
不支持。您必须创建一个 custom resource and a lambda function. If you were to use Python for the function, then you would set the public access using boto3's put_public_access_block. An example of how to do it is here.
有没有办法使用云形成在帐户级别阻止 public 对 s3 的访问?我尝试将此块添加到我的 CF 模板,但它失败了,说无法创建资源。它是否期望这仅在存储桶级别完成?浏览 AWS UI 时,有一种方法可以在帐户级别阻止它,我正在尝试使用 CF 进行复制。
# Block S3 public access
BlockS3PublicAccess:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: True
BlockPublicPolicy: True
IgnorePublicAcls: True
RestrictPublicBuckets: True
不支持。您必须创建一个 custom resource and a lambda function. If you were to use Python for the function, then you would set the public access using boto3's put_public_access_block. An example of how to do it is here.