Disable All Public Read Access to an S3 Bucket using AWS CLI

Disable read access to S3 bucket

  • This command will disable public read from an entire bucket. If you want to only disable public read from one object, use the AWS Console instructions

  • If your S3 bucket is in a different aWS account, you will need to provide credentials for that account first.

      aws ssm start-automation-execution --document-name AWS-DisableS3BucketPublicReadWrite --parameters "{\"S3BucketName\": [\"<bucket-name>\"]}"

Return to the Lab Guide , but keep this page open if you want to re-enable public read access to the bucket after testing.

Re-enable access (after testing) using the S3 console

  1. This requires using the S3 console. Go to the S3 console: https://console.aws.amazon.com/s3
  2. Select the bucket name where the image is located
  3. Select the “Permissions” tab
  4. Click Edit (upper-right)
  5. Un-check all the boxes
  6. Click Save
  7. You are asked to type “confirm” - this is a security feature to ensure you truly intend this bucket to allow public access.

Click here to return to the Lab Guide