Using Amazon S3 Block Public Access

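Amazon S3 provides block public access settings for buckets and accounts to help you manage public access to Amazon S3 resources. By default, new buckets and objects do not allow public access, but users can modify bucket policies or object permissions to allow it. Amazon S3 block public access settings override these policies and permissions so that you can limit public access to these resources. With Amazon S3 block public access, account administrators and bucket owners can easily set up centralized controls that limit public access to their Amazon S3 resources and are enforced regardless of how the resources were created.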

When Amazon S3 receives a request to access a bucket or an object, it determines whether the bucket or the bucket owner's account has a block public access setting applied. If an existing block public access setting prohibits the requested access, Amazon S3 rejects the request. Amazon S3 block public access provides four settings. These settings are independent and can be used in any combination, and each setting can be applied to a bucket or to an entire AWS account. If a bucket has block public access settings that differ from those of its owner's account, Amazon S3 applies the most restrictive combination of the bucket-level and account-level settings. When Amazon S3 evaluates whether an operation is prohibited by a block public access setting, it rejects any request that violates either a bucket-level or an account-level setting.
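The combination rule described above, as an added example (not code from the original page or from AWS): it computes each bucket's effective settings by treating a setting as in force when it is enabled at either level, and reports buckets where some setting is enabled at neither. The four setting names are the fields of the S3 `PublicAccessBlockConfiguration` structure; the function names and the account and bucket values are constructed for illustration.

```python
# Added example: effective Block Public Access settings per bucket.
# Input dicts have the shape of PublicAccessBlockConfiguration as returned
# by GetPublicAccessBlock; the sample values below are constructed.

SETTINGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)

def normalize(config):
    """A missing configuration (None) or a missing key counts as disabled."""
    config = config or {}
    return {name: bool(config.get(name, False)) for name in SETTINGS}

def effective_settings(account_config, bucket_config):
    """Most restrictive combination: a setting applies if either level enables it."""
    account, bucket = normalize(account_config), normalize(bucket_config)
    return {name: account[name] or bucket[name] for name in SETTINGS}

def audit(account_config, bucket_configs):
    """Return {bucket: [settings enabled at neither level]} for buckets with gaps."""
    findings = {}
    for bucket, config in sorted(bucket_configs.items()):
        effective = effective_settings(account_config, config)
        gaps = [name for name in SETTINGS if not effective[name]]
        if gaps:
            findings[bucket] = gaps
    return findings

# Constructed sample data: account-level settings plus three buckets.
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "example-logs": {name: True for name in SETTINGS},
    "example-assets": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
    "example-legacy": None,  # bucket with no bucket-level configuration
}

if __name__ == "__main__":
    for bucket, gaps in audit(ACCOUNT, BUCKETS).items():
        print(f"{bucket}: not enforced at either level: {', '.join(gaps)}")
```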

Original article: https://www.cnblogs.com/cloudrivers/p/11328850.html