Default settings for new S3 buckets FAQ - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Default settings for new S3 buckets FAQ

Starting in April 2023, Amazon S3 will change the default settings for S3 Block Public Access and S3 Object Ownership (ACLs disabled) for all new S3 buckets. For new buckets created after this update, all S3 Block Public Access settings will be enabled, and S3 access control lists (ACLs) will be disabled. These defaults are the recommended best practices for securing data in Amazon S3. You can adjust these settings after creating your bucket. For more information, see Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023 in the Amazon News Blog.

The following sections answer questions about this update that will occur in April 2023.

In April 2023, will the new default settings take effect for all newly created buckets?

Yes. During the month of April in 2023, the new default settings will gradually be rolled out across all Amazon Web Services Regions, including the Amazon GovCloud (US) Regions and the Amazon China Regions.

How long will it take before this rollout covers all Amazon Web Services Regions?

This update will take several weeks to roll out. We will publish a What's New post when we start to deploy this update.

How will I know that the update is complete?

We will announce completion of the rollout in a What's New post. After the update is complete, all new S3 buckets will automatically have Block Public Access enabled and ACLs disabled by default. You can adjust these settings after creating your S3 bucket.

Will Amazon S3 update my existing bucket configurations?

No. There will be no changes to the configuration of existing buckets. After the update is complete for your Amazon Web Services Region, the new default settings will apply only to new S3 buckets.

Can I enable Block Public Access or disable ACLs for new buckets before the update is complete?

Yes. You can enable Block Public Access or disable ACLs after you create an S3 bucket before this update is complete for your Amazon Web Services Region. For more information about these settings, see Blocking public access to your Amazon S3 storage and Controlling ownership of objects and disabling ACLs for your bucket.

How do I prepare for this update?

The majority of S3 use cases don't require public access or ACLs. For most customers, no action is required. If you have use cases that require public bucket access or the use of ACLs, you can disable Block Public Access or enable ACLs after you create an S3 bucket. In these cases, you might need to update automation scripts, Amazon CloudFormation templates, or other infrastructure configuration tools to configure these settings. For more information, see Blocking public access to your Amazon S3 storage and Controlling ownership of objects and disabling ACLs for your bucket. Also, see AWS::S3::Bucket PublicAccessBlockConfiguration and AWS::S3::Bucket OwnershipControls in the Amazon CloudFormation User Guide.

Are there any changes to Amazon S3 pricing as a result of this change?

No. You will be billed for storage, requests, and other Amazon S3 features as you normally would. For pricing, see Amazon S3 pricing.