I have several public S3 buckets that I use to serve images. However, AWS is alerting me that general-purpose buckets should block all public read access. I find it confusing that they allow the option for public buckets if they actually discourage it. What changes do I need to make to my bucket settings to stop receiving this alert? Should I look for another method to serve static images instead?
4 Answers
It's crucial to be careful with public buckets. If you're trying to serve static content, consider putting CloudFront in front of your bucket rather than allowing direct public access. This way, your warning will disappear while providing better security and improved latency for users.
AWS warns against public S3 buckets due to security risks, stemming from incidents where developers mistakenly left them open. If your intention is to keep the bucket public, you can adjust your settings by disabling 'Block all public access' in the bucket permissions and adding a public-read policy. However, the best practice is to use CloudFront for serving files while keeping your bucket private for better security.
You might want to disable the S3 alert if you are fine with public access. AWS uses this as a way to prompt users to rethink their security practices. Remember, while public buckets can serve static images, they also come with risks. So, think about utilizing CloudFront as a more secure method of serving your content.
Opening your S3 bucket to the public increases exposure risk. It's better to use CloudFront to serve content without making your bucket public. This approach enhances your security and can actually lower your costs while minimizing latency for your users.
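To make the difference between the two setups in the answers concrete, the following is an added example (not code from any of the posters or from AWS) that contrasts a public-read bucket policy with one that lets only a single CloudFront distribution read the bucket, and runs a simplified check over both. The bucket name, account ID and distribution ID are placeholders, and the check is a simplification, not AWS's own public-access evaluation.

```python
BUCKET = "example-images-bucket"  # placeholder bucket name
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"  # placeholder

# Constructed sample: the public-read policy (anyone can GetObject).
PUBLIC_READ = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# Constructed sample: private bucket readable only by one CloudFront distribution.
CLOUDFRONT_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "*" or {"AWS": "*"} both mean "any principal".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit(policy):
    """Return (statement index, finding) pairs for risky Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        cond = stmt.get("Condition") or {}
        if _is_wildcard(principal) and not cond:
            findings.append((i, "public"))
        elif isinstance(principal, dict) and \
                "cloudfront.amazonaws.com" in _as_list(principal.get("Service", [])):
            # Without an AWS:SourceArn condition, the grant is not tied to one distribution.
            scoped = any(k.lower() == "aws:sourcearn"
                         for keys in cond.values() for k in keys)
            if not scoped:
                findings.append((i, "cloudfront-unscoped"))
    return findings

if __name__ == "__main__":
    for name, pol in [("public-read", PUBLIC_READ), ("cloudfront-only", CLOUDFRONT_ONLY)]:
        print(name, "->", audit(pol) or "no findings")
```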