How to Block Public Access to an Individual S3 Bucket
S3 buckets that are publicly accessible could pose a security risk. To address this, you can restrict access to S3 buckets by either blocking public access at the account-level or at the bucket level.
If you do not have public access blocked at the account level, but want to block public access for a specific S3 bucket, you will need to update the bucket settings.
In this guide, we’ll explain how to block public access from individual S3 buckets to fortify your security.
Blocking Public Access for an Existing S3 Bucket
You can update the access setting for an existing S3 bucket using either the AWS Console or the AWS CLI.
Using the AWS Console:
- First, sign in to the Amazon S3 Console.
- From the Bucket name list, select the bucket that you want to update.
- Click the Permissions tab and click Edit.

- You can either select to Block all public access, or specify a subset of the access settings. Click Save.
Using the AWS CLI:
- First, you can check the current access-level for your S3 bucket with the following command:
Here’s an example:
You’ll see an output like this:
- If you see that the S3 bucket is public, then you can block public access with the following command:
- If you want to specify public access settings, you can do that with the --public-access-block-configuration flag. Here’s an example:
Now you’ve successfully blocked public access for a specific S3 bucket. If you want to block public access for all S3 buckets, you can edit the access settings at the account-level.
Creating a New S3 Bucket with No Public Access
Using the AWS Console:
When you are creating a new S3 bucket in the AWS Console, you will see a section called Bucket settings for Block Public Access. You can enable all the settings to block public access, which is recommended unless you are using the bucket to host a public website.
Using the AWS CLI:
When you use the CLI to create a new S3 bucket, you can ensure that the bucket doesn’t allow for public access by including the --acl flag and specifying private:
By setting the ACL (Access Control List) to private, you are configuring the bucket to not be publicly accessible.
Blocking Public Access of a S3 Bucket with Blink
You need to be careful if you have publicly accessible S3 buckets, since it can pose a security risk. You can check individual buckets or alter account settings, but either way, running periodic checks to ensure that you have minimal access settings is a good practice.
With Blink, you can use no-code automations to check for any publicly accessible S3 buckets, send Slack notifications to their owners, and take action to block public access.
Create your free Blink account and secure your S3 buckets today.