Amazon S3 to apply security best practices for all new buckets

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists (ACLs) will be disabled.

These new default security settings will apply to all new S3 buckets in all AWS Regions, including the AWS GovCloud Regions and the AWS China Regions.

The majority of S3 use cases do not need public access or ACLs. For most customers, no action is required.

If you have use cases for public bucket access or the use of ACLs, you can disable Block Public Access or enable ACLs after you create an S3 bucket. In these cases, you may need to update automation scripts, CloudFormation templates, or other infrastructure configuration tools to configure these settings.