Ping a Specific Port

Question

Howiecamp

Asked: 2017-04-10 10:15:04 +0800 CST2017-04-10 10:15:04 +0800 CST 2017-04-10 10:15:04 +0800 CST

Amazon S3 permissions don't specify public access however public can read objects

772

I've got an AWS S3 bucket where the only permissions I've defined are for myself and Amazon's Log Delivery. As shown from the AWS Console:

As shown from another tool (S3 Browser):

There's no public or everyone or anonymous users in the ACL.

Yet, public/anonymous users can read objects from the bucket:

How can this be?

1 Answers

Voted

Tim · Answer 1 · 2017-04-10T11:06:15+08:00

Best Answer

Tim

2017-04-10T11:06:15+08:002017-04-10T11:06:15+08:00

S3 has three ways to control access:

IAM
Bucket Policy
ACLs

I suspect you have a bucket policy that provides public access.

A bucket policy like this, which you haven't mentioned, would provide public access.

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Sid": "AddPerm",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::BUCKETNAME/*"
      }
  ]
}

8

Amazon S3 permissions don't specify public access however public can read objects

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?