Enable block public access for snapshots
Use the following procedures to configure and monitor block public access for snapshots.
Configure block public access for snapshots
Enable block public access for snapshots to prevent the public sharing of snapshots in the
Region. After this feature is enabled, requests to publicly share snapshots in the Region are blocked.
Enabling block public access for snapshots in block all sharing
mode does not change the permissions for snapshots that are already publicly shared.
Instead, it prevents these snapshots from being publicly visible and publicly accessible.
Therefore, the attributes for these snapshots still indicate that they are publicly
shared, even though they are not publicly available.
If you later disable block public access or change the mode to block new
sharing, these snapshots will become publicly available again.
- Console
To configure block public access for snapshots
- Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
- In the navigation pane, choose EC2 Dashboard, and then in Account attributes (on the right-hand side), choose Data protection and security.
- In the Block public access for EBS snapshots section, choose Manage.
- Select Block public access and then choose one of the following options:
  - Block all public access — To block all public sharing of your snapshots. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are no longer publicly available.
  - Block new public sharing — To block only new public sharing of your snapshots. Users in the account can't request new public sharing. However, snapshots that were already publicly shared remain publicly available.
- Choose Update.
- Amazon CLI
To enable or modify block public access for snapshots
Use the enable-snapshot-block-public-access command. For --state, specify one of the following values:
- block-all-sharing — To block all public sharing of your snapshots. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are no longer publicly available.
- block-new-sharing — To block only new public sharing of your snapshots. Users in the account can't request new public sharing. However, snapshots that were already publicly shared remain publicly available.
To enable or modify block public access for snapshots for a specific Region
# For --state, specify block-all-sharing or block-new-sharing.
aws ec2 enable-snapshot-block-public-access \
    --state block-new-sharing \
    --region us-east-1
Example output
{
"State": "block-new-sharing"
}
To enable or modify block public access for snapshots for all Regions
# For --state, specify block-all-sharing or block-new-sharing.
echo -e "Region \t Public Access State" ; \
echo -e "-------------- \t ----------------------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    );
    do (output=$(
        aws ec2 enable-snapshot-block-public-access \
            --region "$region" \
            --state block-new-sharing \
            --output text)
        echo -e "$region \t $output"
    );
done
Example output
Region Public Access State
-------------- ----------------------
ap-south-1 block-new-sharing
eu-north-1 block-new-sharing
eu-west-3 block-new-sharing
…
- Tools for PowerShell
To enable or modify block public access for snapshots
Use the Enable-EC2SnapshotBlockPublicAccess command. For -State, specify one of the following values:
- block-all-sharing — To block all public sharing of your snapshots. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are no longer publicly available.
- block-new-sharing — To block only new public sharing of your snapshots. Users in the account can't request new public sharing. However, snapshots that were already publicly shared remain publicly available.
To enable or modify block public access for snapshots for a specific Region
# For -State, specify block-new-sharing or block-all-sharing.
Enable-EC2SnapshotBlockPublicAccess `
    -Region us-east-1 `
    -State block-new-sharing
Example output
Value
-----
block-new-sharing
To enable or modify block public access for snapshots for all Regions
# For -State, specify block-new-sharing or block-all-sharing.
(Get-EC2Region -Region us-east-1).RegionName | `
    ForEach-Object {
        [PSCustomObject]@{
            Region = $_
            PublicAccessState = (
                Enable-EC2SnapshotBlockPublicAccess `
                    -Region $_ `
                    -State block-new-sharing
            )
        }
    } | `
    Format-Table -AutoSize
Example output
Region PublicAccessState
------ -----------------
ap-south-1 block-new-sharing
eu-north-1 block-new-sharing
eu-west-3 block-new-sharing
...
View the setting for block public access for snapshots
Block public access can be in one of the following states for each Region in your account.
- Block all sharing — All public sharing of your snapshots is blocked. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are not publicly available.
- Block new sharing — Only new public sharing of your snapshots is blocked. Users in the account can't request new public sharing. However, snapshots that were already publicly shared remain publicly available.
- Unblocked — Public sharing is not blocked. Users can publicly share snapshots.
- Console
To view the setting for block public access for snapshots
- Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
- In the navigation pane, choose EC2 Dashboard, and then in Account attributes (on the right-hand side), choose Data protection and security.
- The Block public access for EBS snapshots section shows the current setting.
- Amazon CLI
To view the setting for block public access for snapshots
Use the get-snapshot-block-public-access-state command.
- For a specific Region
aws ec2 get-snapshot-block-public-access-state --region us-east-1
Example output
{
"State": "unblocked"
}
- For all Regions
echo -e "Region \t Public Access State" ; \
echo -e "-------------- \t ----------------------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    );
    do (output=$(
        aws ec2 get-snapshot-block-public-access-state \
            --region "$region" \
            --output text)
        echo -e "$region \t $output"
    );
done
Example output
Region Public Access State
-------------- ----------------------
ap-south-1 unblocked
eu-north-1 unblocked
eu-west-3 unblocked
- Tools for Windows PowerShell
To view the setting for block public access for snapshots
Use the Get-EC2SnapshotBlockPublicAccessState command.
- For a specific Region
Get-EC2SnapshotBlockPublicAccessState -Region us-east-1
Example output
Value
-----
block-new-sharing
- For all Regions
(Get-EC2Region -Region us-east-1).RegionName | `
    ForEach-Object {
        [PSCustomObject]@{
            Region = $_
            PublicAccessState = (Get-EC2SnapshotBlockPublicAccessState -Region $_)
        }
    } | `
    Format-Table -AutoSize
Example output
Region Public Access State
-------------- ----------------------
ap-south-1 unblocked
eu-north-1 unblocked
eu-west-3 unblocked
...
Disable block public access for snapshots
Disable block public access for snapshots to allow public sharing of snapshots in the
Region. After this feature is disabled, users can publicly share snapshots in the Region.
Enabling block public access for snapshots in block all sharing
mode does not change the permissions for snapshots that are already publicly shared.
Instead, it prevents these snapshots from being publicly visible and publicly accessible.
Therefore, the attributes for these snapshots still indicate that they are publicly
shared, even though they are not publicly available.
If you disable block public access, these snapshots will become publicly available
again.
- Console
To disable block public access for snapshots
- Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
- In the navigation pane, choose EC2 Dashboard, and then in Account attributes (on the right-hand side), choose Data protection and security.
- In the Block public access for EBS snapshots section, choose Manage.
- Clear Block public access and choose Update.
- Amazon CLI
To disable block public access for snapshots
Use the disable-snapshot-block-public-access command.
- For a specific Region
aws ec2 disable-snapshot-block-public-access --region us-east-1
Example output
{
"State": "unblocked"
}
- For all Regions
echo -e "Region \t Public Access State" ; \
echo -e "-------------- \t ----------------------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    );
    do (output=$(
        aws ec2 disable-snapshot-block-public-access \
            --region "$region" \
            --output text)
        echo -e "$region \t $output"
    );
done
Example output
Region Public Access State
-------------- ----------------------
ap-south-1 unblocked
eu-north-1 unblocked
eu-west-3 unblocked
- Tools for Windows PowerShell
To disable block public access for snapshots
Use the Disable-EC2SnapshotBlockPublicAccess command.
- For a specific Region
Disable-EC2SnapshotBlockPublicAccess -Region us-east-1
Example output
Value
-----
unblocked
- For all Regions
(Get-EC2Region -Region us-east-1).RegionName | `
    ForEach-Object {
        [PSCustomObject]@{
            Region = $_
            PublicAccessState = (Disable-EC2SnapshotBlockPublicAccess -Region $_)
        }
    } | `
    Format-Table -AutoSize
Example output
Region PublicAccessState
------ -----------------
ap-south-1 unblocked
eu-north-1 unblocked
eu-west-3 unblocked
...
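Because block all sharing mode leaves the public attribute on previously shared snapshots, a Region can report a blocked state while still holding snapshots that become public again when the setting is disabled or relaxed. The following added example (not from the AWS documentation) pairs each Region's state with a count of such snapshots; the function names classify, count_public and audit_region, the finding labels and the AUDIT_LIVE switch are assumptions made here, and the sample rows are constructed.

```shell
# Added example: BPA state per Region versus snapshots still marked public.

# classify STATE PUBLIC_COUNT -> one-word finding for a Region.
classify() {
  case "$1:$2" in
    block-all-sharing:0|block-new-sharing:0) echo OK ;;
    block-all-sharing:*) echo LATENT ;;   # hidden now, public again if the mode is relaxed
    block-new-sharing:*) echo EXPOSED ;;  # existing public shares stay available
    unblocked:0) echo UNPROTECTED ;;      # nothing public yet, nothing preventing it
    unblocked:*) echo EXPOSED ;;
    *) echo UNKNOWN ;;
  esac
}

# count_public REGION -> own snapshots whose attribute still lists group "all".
count_public() {
  n=0
  for snap in $(aws ec2 describe-snapshots --region "$1" --owner-ids self \
      --query 'Snapshots[].SnapshotId' --output text); do
    hit=$(aws ec2 describe-snapshot-attribute --region "$1" --snapshot-id "$snap" \
      --attribute createVolumePermission \
      --query "length(CreateVolumePermissions[?Group=='all'])" --output text)
    [ "$hit" = "0" ] || n=$((n + 1))    # a failed lookup is counted, not ignored
  done
  echo "$n"
}

# audit_region REGION -> "region<TAB>state<TAB>public_count<TAB>finding"
audit_region() {
  state=$(aws ec2 get-snapshot-block-public-access-state --region "$1" \
    --query State --output text)
  count=$(count_public "$1")
  printf '%s\t%s\t%s\t%s\n' "$1" "$state" "$count" "$(classify "$state" "$count")"
}

if [ "${AUDIT_LIVE:-0}" = 1 ]; then   # live run against the configured account
  for region in $(aws ec2 describe-regions --region us-east-1 \
      --query 'Regions[*].[RegionName]' --output text); do
    audit_region "$region"
  done
else                                  # constructed sample rows, not real account data
  while read -r region state count; do
    printf '%s\t%s\t%s\t%s\n' "$region" "$state" "$count" "$(classify "$state" "$count")"
  done <<'EOF'
us-east-1 block-all-sharing 2
eu-west-3 block-new-sharing 1
ap-south-1 unblocked 0
EOF
fi
```

A LATENT finding marks a Region where disabling block public access, or changing the mode to block new sharing, would make those snapshots publicly available again.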