AWS Announced Improved Security for S3 Buckets with New Default Settings
AWS recently announced that starting in April 2023, new Amazon S3 buckets will have two new default security settings enabled automatically. This change is being made to help ensure that S3 buckets are set up securely and follow recommended best practices.
Think of S3 buckets like treasure chests: they hold valuable data, and you want to make sure that only the right people can access them. The new default settings are like locks that keep your treasure chest safe.
If you'd like to know more about AWS S3 and how it stacks up against the other AWS storage services, check my previous article: How to Choose the Right AWS Storage Solution for your Project - S3, EFS, EBS or RDS.
The first default setting is called "S3 Block Public Access". This setting is like a guard that keeps unauthorized people from sneaking into your castle. It ensures that S3 buckets are not set up in a way that allows public access.
The second default setting is to disable S3 access control lists (ACLs). This setting is like a key that only you and the people you trust have. With this key, you can open the treasure chest and access the data inside. With this default setting, AWS is replacing ACLs with IAM policies, which are a simpler and more flexible way to manage access.
It's important to note that these new default settings will not affect existing S3 buckets. They only apply to new buckets created after the change is implemented.
However, if you have an application that needs to make a new S3 bucket publicly accessible or use ACLs, you will need to deliberately configure the settings. AWS recommends reviewing their documentation to learn how to do this.
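Because existing buckets keep whatever settings they already had, it is worth checking which of them differ from the two new defaults. The following is an added example, not code from AWS or from the original article: `audit_bucket` and `fetch_and_audit` are hypothetical names, the four flag names and `BucketOwnerEnforced` come from the S3 API rather than from the text above, and the sample responses are constructed.

```python
# Added example: compare a bucket's settings with the two new S3 defaults.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def audit_bucket(public_access_block, ownership_controls):
    """Return findings for one bucket; an empty list means it matches the defaults.

    Both arguments are S3 API response dicts (GetPublicAccessBlock and
    GetBucketOwnershipControls), or None when the bucket has no such configuration.
    """
    findings = []
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    off = [flag for flag in BPA_FLAGS if not cfg.get(flag, False)]
    if off:
        findings.append("Block Public Access not fully enabled: " + ", ".join(off))
    rules = (ownership_controls or {}).get("OwnershipControls", {}).get("Rules", [])
    modes = [rule.get("ObjectOwnership") for rule in rules]
    if "BucketOwnerEnforced" not in modes:
        current = modes[0] if modes else "not set"
        findings.append("ACLs still enabled (ObjectOwnership=%s)" % current)
    return findings

def fetch_and_audit(bucket):
    """Live variant: needs boto3 and read-only credentials (not run in this example)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    absent = ("NoSuchPublicAccessBlockConfiguration", "OwnershipControlsNotFoundError")

    def get(call):
        try:
            return call(Bucket=bucket)
        except ClientError as err:
            if err.response["Error"]["Code"] in absent:
                return None  # no configuration stored on this bucket
            raise
    return audit_bucket(get(s3.get_public_access_block),
                        get(s3.get_bucket_ownership_controls))

# Constructed sample responses: a bucket created with the new defaults,
# and an older bucket with partial Block Public Access and ACLs enabled.
NEW_BPA = {"PublicAccessBlockConfiguration": dict.fromkeys(BPA_FLAGS, True)}
NEW_OWN = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}}
OLD_BPA = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}
OLD_OWN = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}}
```

This checks bucket-level settings only; Block Public Access can also be set for the whole account, which this example does not read.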
Overall, this change is a good thing for S3 bucket owners. It will help ensure that new buckets are created with strong security settings, which is like putting a lock on your treasure chest to keep it safe. And if you already have existing buckets, don't worry: they keep the settings they have today, so your treasure chest is as secure as it was before the change.
For more detailed information, check Amazon's advance notice publication.