Table of Contents

Class PublicAccessBlockConfiguration

Namespace
Amazon.S3.Model
Assembly
AWSSDK.S3.dll

The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.

Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:

  1. The policy limits access to a set of CIDRs using 

    aws:SourceIp
    . For more information on CIDR, see http://www.rfc-editor.org/rfc/rfc4632.txt

  2. The policy grants permissions, not including any "bad actions," to one of the following:

    • A fixed AWS principal, user, role, or service principal

    • A fixed 

      aws:SourceArn

    • A fixed 

      aws:SourceVpc

    • A fixed 

      aws:SourceVpce

    • A fixed 

      aws:SourceOwner

    • A fixed 

      aws:SourceAccount

    • A fixed value of 

      s3:x-amz-server-side-encryption-aws-kms-key-id

    • A fixed value of 

      aws:userid
      outside the pattern "
      AROLEID:*
      "

"Bad actions" are those that could expose the data inside a bucket to reads or writes by the public. These actions are 

s3:Get*
, 
s3:List*
, 
s3:AbortMultipartUpload
, 
s3:Delete*
, 
s3:Put*
, and 
s3:RestoreObject
.

The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because 

s3:Get*
is a bad action, 
s3:GetObject
, 
s3:GetObjectVersion
, and 
s3:GetObjectAcl
are all bad actions. 
public class PublicAccessBlockConfiguration
Inheritance
PublicAccessBlockConfiguration
Inherited Members

Constructors

PublicAccessBlockConfiguration() 

public PublicAccessBlockConfiguration()

Properties

BlockPublicAcls

Gets and sets the property BlockPublicAcls.

Specifies whether Amazon S3 should block public ACLs for this bucket. Setting this element to 

TRUE
causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.

  • PUT Object calls will fail if the request includes an object ACL.

Note that enabling this setting doesn't affect existing policies or ACLs. 

public bool BlockPublicAcls { get; set; }

Property Value

bool

BlockPublicPolicy

Gets and sets the property BlockPublicPolicy.

Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to 

TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Note that enabling this setting doesn't affect existing bucket policies. 

public bool BlockPublicPolicy { get; set; }

Property Value

bool

IgnorePublicAcls

Gets and sets the property IgnorePublicAcls.

Specifies whether Amazon S3 should ignore public ACLs for this bucket. Setting this element to 

TRUE
causes Amazon S3 to ignore all public ACLs on this bucket and any objects that it contains.

Note that enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. 

public bool IgnorePublicAcls { get; set; }

Property Value

bool

RestrictPublicBuckets

Gets and sets the property RestrictPublicBuckets.

Specifies whether Amazon S3 should restrict public bucket policies for this bucket. If this element is set to 

TRUE
, then only the bucket owner and AWS Services can access this bucket if it has a public policy.

Note that enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. 

public bool RestrictPublicBuckets { get; set; }

Property Value

bool