beta
Home
What's New
FAQ
No Items in Stack
Browse
beta
Home
No Items in Stack
Browse

Security Control

Config Rules
Auto Remediation
Amazon GuardDuty
Amazon Inspector
Security Hub
Billing and Cost
S3 Bucket Policies
CloudWatch Alarms & Rules
Logging & Monitoring
Service Control Policies
AWS Systems Manager
Security Groups & NACLs
KMS
IAM Policies

Configuration Packages

Deploy Amazon VPC
Enable Logging Services
Threat Detection
Monitoring & Compliance
EC2 Patch Management
Common SCPs Package
CIS AWS Benchmark

Service

VPC
S3
EC2
IAM
DynamoDB
RDS

Solutions, Guides & Tools

Security Solutions
Security Tools
Close

S3 Bucket Policies

A list of S3 bucket policies that help protect S3 buckets. All policies can be customized and combined to create templates that can be deployed using CloudFormation or AWS CLI..

13/13
FILTERS
 
Service Protected
S3
S3
Require SSL (encryption in-transit) to access the S3 Bucket.
S3 Bucket Policy
A policy that denies any access to the S3 bucket that is not encrypted in-transit (uses HTTP instead of HTTPS).
API and CLI Access
Console Access
Prevent S3 Buckets and Objects from Allowing Public Access
S3 Bucket Policy
A policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the bucket's policy to public read or upload objects to the bucket if the objects have public permissions.
API and CLI Access
Console Access
Restrict Access to Specific IP Addresses
S3 Bucket Policy
A policy that grants permissions to any user to perform any Amazon S3 operations on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.
API and CLI Access
Restricting Access to a Specific HTTP Referrer
S3 Bucket Policy
A policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages.
Require MFA for Bucket Access
S3 Bucket Policy
A policy that denies any Amazon S3 operation on the bucket if the request is not MFA authenticated.
API and CLI Access
Console Access
MFA
Restrict S3 bucket read access to a Cloudfront origin
S3 Bucket Policy
A policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access identity.
API and CLI Access
Console Access
Grant Read-Only Permission to any Anonymous User
S3 Bucket Policy
A policy that grants the s3:GetObject permission to any public anonymous user.
API and CLI Access
Grant AWS Config Access to the Amazon S3 Bucket
S3 Bucket Policy
An S3 Bucket policy grants access to AWS Config to store its history files and snapshots on the S3 bucket.
API and CLI Access
Config
Grant AWS CloudTrail Access to the Amazon S3 Bucket
S3 Bucket Policy
An S3 Bucket policy grants access to AWS CloudTrail to deliver log files to the S3 bucket.
API and CLI Access
CloudTrail
Grant AWS CloudTrail and AWS Config access to the Amazon S3 Bucket
S3 Bucket Policy
An S3 Bucket policy grants access to AWS Config and AWS CloudTrail to deliver log files to the S3 bucket.
API and CLI Access
CloudTrail
Config
Restrict Access to a Specific VPC
S3 Bucket Policy
An S3 Bucket policy that denies all access to the bucket if the specified VPC is not being used to access the S3 bucket.
API and CLI Access
VPC
Restrict Access to S3 Bucket to a Specific VPC Endpoint
S3 Bucket Policy
An S3 Bucket policy that denies all access to the bucket if the specified VPC endpoint is not being used to access the S3 bucket.
API and CLI Access
VPC
Allow All AWS Accounts in an AWS Organization Read Access
S3 Bucket Policy
An S3 Bucket policy that allows all AWS accounts that belong to the specified AWS organization access to read all objects in the S3 bucket.
API and CLI Access
Organization