AWS::EC2::SnapshotBlockPublicAccess - Amazon CloudFormation
SyntaxPropertiesReturn values
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EC2::SnapshotBlockPublicAccess

Specifies the state of the block public access for snapshots setting for the Region. For more information, see Block public access for snapshots.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::SnapshotBlockPublicAccess",
  "Properties" : {
      "State" : String
    }
}

YAML

Type: AWS::EC2::SnapshotBlockPublicAccess
Properties:
  State: String

Properties

State

The mode in which to enable block public access for snapshots for the Region. Specify one of the following values:

  • block-all-sharing - Prevents all public sharing of snapshots in the Region. Users in the account will no longer be able to request new public sharing. Additionally, snapshots that are already publicly shared are treated as private and they are no longer publicly available.

    Note

    If you enable block public access for snapshots in block-all-sharing mode, it does not change the permissions for snapshots that are already publicly shared. Instead, it prevents these snapshots from be publicly visible and publicly accessible. Therefore, the attributes for these snapshots still indicate that they are publicly shared, even though they are not publicly available.

  • block-new-sharing - Prevents only new public sharing of snapshots in the Region. Users in the account will no longer be able to request new public sharing. However, snapshots that are already publicly shared, remain publicly available.

Required: Yes

Type: String

Allowed values: block-all-sharing | block-new-sharing

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Amazon account.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AccountId

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Amazon account.