Amazon S3 Block Public Access now supports organization-level enforcement

Amazon S3 Block Public Access Organization-Level Enforcement
Amazon S3 Block Public Access (BPA) now allows organization-level control through AWS Organizations, enabling you to standardize and enforce S3 public access settings across all accounts in your AWS organization through a single policy configuration.
S3 Block Public Access at the organization level uses a single configuration that controls all public access settings across accounts within your organization. When you attach the policy at the root or organizational unit (OU) level of your organization, it propagates to all member accounts within that scope, and new member accounts automatically inherit the policy. Alternatively, you can apply the policy to specific accounts for more granular control.
What to do
- Navigate to the AWS Organizations console.
- Use the "Block all public access" checkbox or JSON editor to configure the policy.
- Use AWS CloudTrail to audit or keep track of policy attachment and enforcement for member accounts.
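One way to do the CloudTrail audit step is to replay the AWS Organizations management events for the policy and flag anything that removes or tries to remove it. This is an added example, not code from AWS or from the original post; the policy ID, OU IDs, ARNs and the sample records are constructed placeholders, and the function and helper names are hypothetical.

```python
WATCHED = {"AttachPolicy", "DetachPolicy", "UpdatePolicy", "DeletePolicy"}

def audit_policy(events, policy_id):
    """Replay Organizations policy events for one policy in time order.

    Returns (attached, findings): the targets the policy is attached to after
    the replay, and every change or attempted change other than an attach.
    """
    attached, findings = set(), []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        params = ev.get("requestParameters") or {}
        name = ev.get("eventName")
        if (ev.get("eventSource") != "organizations.amazonaws.com"
                or name not in WATCHED or params.get("policyId") != policy_id):
            continue
        target, error = params.get("targetId"), ev.get("errorCode")
        if name == "AttachPolicy":
            if not error:
                attached.add(target)
            continue
        if name == "DetachPolicy" and not error:
            attached.discard(target)  # enforcement removed for this scope
        # Failed calls change nothing but are still reported as attempts.
        findings.append((ev["eventTime"], name, target,
                         ev["userIdentity"]["arn"], error))
    return attached, findings

def _ev(time, name, policy, target, arn, error=None):
    """Build one constructed CloudTrail record (illustration only)."""
    ev = {"eventTime": time, "eventSource": "organizations.amazonaws.com",
          "eventName": name, "userIdentity": {"arn": arn},
          "requestParameters": {"policyId": policy, "targetId": target}}
    if error:
        ev["errorCode"] = error
    return ev

BPA = "p-examplebpa"  # placeholder ID of the S3 Block Public Access policy
ADMIN = "arn:aws:iam::111111111111:role/OrgAdmin"  # placeholder ARN
DEV = "arn:aws:iam::111111111111:role/DevOps"      # placeholder ARN
SAMPLE_EVENTS = [  # constructed records, deliberately out of order
    _ev("2026-01-12T14:30:00Z", "DetachPolicy", BPA, "ou-exam-dev", DEV),
    _ev("2026-01-10T09:00:00Z", "AttachPolicy", BPA, "ou-exam-prod", ADMIN),
    _ev("2026-01-10T09:05:00Z", "AttachPolicy", BPA, "ou-exam-dev", ADMIN),
    _ev("2026-01-13T08:00:00Z", "DetachPolicy", BPA, "ou-exam-prod", DEV,
        error="AccessDeniedException"),
    _ev("2026-01-11T10:00:00Z", "AttachPolicy", "p-otherpolicy", "ou-exam-dev", ADMIN),
]

if __name__ == "__main__":
    print(audit_policy(SAMPLE_EVENTS, BPA))
```

On the sample records the policy ends up attached only to the production OU, with one successful detach and one denied detach attempt reported.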
This feature is available in the AWS Organizations console as well as AWS CLI/SDK, in all AWS Regions where AWS Organizations and Amazon S3 are supported, with no additional charges. For more information, visit the AWS Organizations User Guide and Amazon S3 Block Public Access documentation.
Source: AWS release notes
If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.



