DEV Community

Cover image for Block public access on all your S3 Buckets easily
Pierre Chollet for Serverless By Theodo

Posted on • Updated on

Block public access on all your S3 Buckets easily

I publish articles at least twice a month, so if you are interested in serverless, AWS, or JavaScript, you can follow me on Twitter or DEV!

One month ago, AWS sent an email to all their customers: New S3 Buckets will have public access blocked by default. 🤯

AWS email

This choice is due to security concerns: most use cases of S3 Buckets do not need public access, and it is easy to forget to block it. This is why AWS decided to block it by default.

However, this change will not affect existing S3 Buckets. If you want your existing applications to be up-to-date, you will have update "Block public access" configuration on all your S3 Buckets.

List all your S3 Buckets without "Block public access"

To enable "Block public access" on all your S3 Buckets, you first need to list all your S3 Buckets without this option enabled.

Introducing sls-mentor: a new open-source tool allowing you to audit your AWS serverless infrastructure. Like linters, it is based on rules, and it implements a rule verifying that all your S3 Buckets have "Block public access" enabled.

Simply run this command in your CLI:

npx sls-mentor@latest -p <your-aws-cli-profile>
Enter fullscreen mode Exit fullscreen mode

It will list all your S3 Buckets without "Block public access" enabled! 🚀

sls-mentor output 2

sls-mentor output

Now you know where to update your infrastructure!

How to enable "Block public access" on S3 Buckets

I am a user of AWS CDK, so I will show you how to enable "Block public access" on S3 Buckets that were created with it.

You only need to reach the part of the code where you create your S3 Bucket, and add the following line:

import * as cdk from 'aws-cdk-lib';

new cdk.aws_s3.Bucket(this, 'MyBucket', {
  // Existing code

  blockPublicAccess: cdk.aws_s3.BlockPublicAccess.BLOCK_ALL, // New line !

  // Existing code
});
Enter fullscreen mode Exit fullscreen mode

It's as simple as that! I showed you the TypeScript version, but CDK is available in many languages, and the syntax is quite similar every time.

We are looking for contributors!

sls-mentor is a new open-source tool, and we are looking for contributors to implement new rules like this one!

Feel free to check out our GitHub repository and open a pull request or an issue! We have issues for all levels of experience, so don't hesitate to contribute!

Find sls-mentor on Github ⭐️

I publish articles at least twice a month, so if you are interested in serverless, AWS, or JavaScript, you can follow me on Twitter or DEV!

Top comments (0)