Showing posts from 2026

S3 Bucket Policies

In this blog, I will walk you through some interesting S3 bucket policies for securing the bucket and its objects. I have a bucket called "demo-aws-sathiya". I need the bucket to be accessible from other regions and from outside AWS (on-prem), so I created an S3 VPC interface endpoint. To access an S3 bucket through the interface endpoint, we need to use the DNS name of the S3 VPC interface endpoint.

By default, the S3 VPC endpoint policy allows access to all buckets in the account. Let's start by applying a policy at the S3 VPC interface endpoint level that restricts access to only the required buckets. This allows the bucket "demo-aws-sathiya" to be accessed through the S3 VPC interface endpoint, and I get Access Denied when I try to access any other bucket that is NOT allowed in the policy.

Next, our bucket has an empty bucket policy, which means it is still reachable from outside the endpoint. Now we need to make sure the bucket can be accessed only via the S3 VPC interface endpoint. ...