S3 Block Public Access: Restrictions and Limitations

Which Options Cannot Enable S3 Block Public Access?

Question

Which 2 of the options below can NOT be used to enable “S3 Block Public Access”? (Select TWO.)

Answers

A. REST APIs
B. S3 console
C. SDKs
D. AWS CLI “S3 mb” command
E. S3 Object Lock

Explanations

Answer: D and E.

Option A is INCORRECT.

We can use REST APIs to enable “S3 Block Public Access”.

Option B is INCORRECT.

S3 console can be used to enable “S3 Block Public Access”.

Option C is INCORRECT.

SDKs can be used to enable “S3 Block Public Access”.

Option D is CORRECT.

The AWS CLI “S3 mb” command is used to “make a bucket” and cannot be used to enable “S3 Block Public Access”.

Option E is CORRECT.

S3 Object Lock helps us associate a retention date with S3 objects.

Deletion of the S3 objects is prevented until the specified retention date.

Reference:

https://aws.amazon.com/blogs/storage/amazon-s3-consistently-raises-the-bar-in-data-security/

https://docs.aws.amazon.com/cli/latest/reference/s3/mb.html

The S3 Block Public Access feature is a security feature in Amazon S3 that helps customers ensure that the S3 buckets and objects are not publicly accessible. This feature provides four settings that you can use to restrict public access to your S3 resources.

The four settings are:

  1. Block Public Access settings for an individual bucket
  2. Block Public Access settings for an Amazon S3 account
  3. Block Public Access settings for Amazon S3 access points
  4. Block Public Access settings for S3 bucket policies

Now, let's review the given options and see which of them can NOT be used to enable S3 Block Public Access.

Option A: REST APIs - INCORRECT

Amazon S3 provides REST APIs that allow you to manage your S3 resources programmatically. The REST APIs allow you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.

Option B: S3 Console - INCORRECT

The Amazon S3 console provides a web-based interface that allows you to manage your S3 resources. The console allows you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.

Option C: SDKs - INCORRECT

Amazon S3 provides SDKs for different programming languages that allow you to manage your S3 resources programmatically. The SDKs allow you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.

Option D: AWS CLI “S3 mb” command - CORRECT

The AWS Command Line Interface (CLI) lets you manage your AWS resources from the terminal. The S3 CLI command "s3 mb" can be used to create an S3 bucket, but it does not provide an option to set Block Public Access settings. Those settings are set with the separate "s3api" command, not with "s3 mb", and therefore, this option is correct.

Option E: S3 Object Lock - CORRECT

S3 Object Lock is a feature that allows you to store objects using a write-once-read-many (WORM) model. S3 Object Lock can be used to protect objects from deletion or modification, but it does not provide any settings to restrict public access to your S3 resources. Therefore, this option is correct.

In conclusion, the options that cannot be used to enable S3 Block Public Access are Option D (AWS CLI "S3 mb" command) and Option E (S3 Object Lock).
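Option C in practice, as an added example that is not from the original page: Python that enables Block Public Access on a bucket through the SDK's PutPublicAccessBlock call and reports which settings are still not in force. It assumes a boto3 S3 client is passed in; the helper names are hypothetical, and the four keys are the fields of the API's PublicAccessBlockConfiguration.

```python
# Added example (not from the original page). Helper names are hypothetical.
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")
NO_CONFIG = "NoSuchPublicAccessBlockConfiguration"  # S3 error code when unset


def enable_bucket_bpa(s3_client, bucket):
    """Turn on all four settings for one bucket via PutPublicAccessBlock.

    s3_client is assumed to be a boto3 S3 client: boto3.client("s3").
    """
    s3_client.put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={key: True for key in BPA_KEYS},
    )


def effective_settings(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of the account-level and
    bucket-level settings, so a setting is in force if either level has it.
    None means that level has no configuration (all settings off)."""
    account_cfg, bucket_cfg = account_cfg or {}, bucket_cfg or {}
    return {key: bool(account_cfg.get(key) or bucket_cfg.get(key))
            for key in BPA_KEYS}


def audit_bucket(s3_client, bucket, account_cfg=None):
    """Return the settings that are NOT in force for the bucket."""
    try:
        reply = s3_client.get_public_access_block(Bucket=bucket)
        bucket_cfg = reply["PublicAccessBlockConfiguration"]
    except Exception as exc:
        # boto3's ClientError carries the S3 error code in exc.response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != NO_CONFIG:
            raise  # e.g. AccessDenied: do not report that as "unprotected"
        bucket_cfg = None
    effective = effective_settings(account_cfg, bucket_cfg)
    return [key for key in BPA_KEYS if not effective[key]]
```

An empty list from audit_bucket means all four settings apply to the bucket, whether they come from the bucket's own configuration or from the account-level one.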