Considerations - Amazon EBS

Considerations

  • Block public access for snapshots does not prevent private snapshot sharing.

  • If you enable block public access for snapshots in block all sharing mode, it does not change the permissions for snapshots that are already publicly shared. Instead, it prevents these snapshots from be publicly visible and publicly accessible. Therefore, the attributes for these snapshots still indicate that they are publicly shared, even though they are not publicly available.

  • If block public access for snapshots is enabled in block all sharing mode, and you change the mode to block new sharing, or you disable block public access, all snapshots that were previously publicly shared are no longer treated as private and they become publicly accessible again.

  • Block public access for snapshots is a Regional setting. It applies to all snapshots in the Region in which it is enabled. You need to enable block public access for snapshots in each Region in which you want to prevent the public sharing of your snapshots.

  • Block public access is an account-level setting. It applies to all users, including administrator users, in the account. You can't enable block public access for snapshots at the organization level.

  • Block public access for snapshots does not prevent the public sharing of EBS-backed AMIs. If you enable block public access for snapshots, users can still publicly share EBS-backed AMIs. If an EBS-backed AMI is publicly shared, users with access to that AMI can create volumes from its associated snapshots. To prevent public sharing of your AMIs, enable block public access for AMIs.

  • Block public access for snapshots is not supported with local snapshots on AWS Outposts.