AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.

Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:

  1. The policy limits access to a set of CIDRs using aws:SourceIp. For more information on CIDR, see http://www.rfc-editor.org/rfc/rfc4632.txt

  2. The policy grants permissions, not including any "bad actions," to one of the following:

    • A fixed AWS principal, user, role, or service principal

    • A fixed aws:SourceArn

    • A fixed aws:SourceVpc

    • A fixed aws:SourceVpce

    • A fixed aws:SourceOwner

    • A fixed aws:SourceAccount

    • A fixed value of s3:x-amz-server-side-encryption-aws-kms-key-id

    • A fixed value of aws:userid outside the pattern "AROLEID:*"

"Bad actions" are those that could expose the data inside a bucket to reads or writes by the public. These actions are s3:Get*, s3:List*, s3:AbortMultipartUpload, s3:Delete*, s3:Put*, and s3:RestoreObject.

The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because s3:Get* is a bad action, s3:GetObject, s3:GetObjectVersion, and s3:GetObjectAcl are all bad actions.

Inheritance Hierarchy

System.Object
  Amazon.S3.Model.PublicAccessBlockConfiguration

Namespace: Amazon.S3.Model
Assembly: AWSSDK.S3.dll
Version: 3.x.y.z

Syntax

C#
public class PublicAccessBlockConfiguration

The PublicAccessBlockConfiguration type exposes the following members

Constructors

Properties

NameTypeDescription
Public Property BlockPublicAcls System.Boolean

Gets and sets the property BlockPublicAcls.

Specifies whether Amazon S3 should block public ACLs for this bucket. Setting this element to TRUE causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.

  • PUT Object calls will fail if the request includes an object ACL.

Note that enabling this setting doesn't affect existing policies or ACLs.

Public Property BlockPublicPolicy System.Boolean

Gets and sets the property BlockPublicPolicy.

Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Note that enabling this setting doesn't affect existing bucket policies.

Public Property IgnorePublicAcls System.Boolean

Gets and sets the property IgnorePublicAcls.

Specifies whether Amazon S3 should ignore public ACLs for this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and any objects that it contains.

Note that enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

Public Property RestrictPublicBuckets System.Boolean

Gets and sets the property RestrictPublicBuckets.

Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only Amazon Web Service principals and authorized users within this account if the bucket has a public policy.

Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

Version Information

.NET:
Supported in: 8.0 and newer, Core 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5 and newer, 3.5