S3 will automatically block public access and disable ACL for new buckets

With the amount of information leaks that have occurred from S3 buckets being public, I'm surprised this wasn't fixed a decade ago.

People who say this should have been done earlier, what is the use case where you considered this a problem? This was already the console UI default for manually created new buckets. Was it a problem with using CloudFormation or APIs to create buckets?

Perhaps you&#x27;re familiar with the saying: &quot;Make something idiot-proof and someone will make a better idiot.&quot;<p>Don&#x27;t get me wrong; these are good settings and I applaud AWS for making them. They certainly will reduce the chances of people accidentally making a bucket public. I&#x27;m just sad because I know there are those intentionally making a bucket public when they shouldn&#x27;t.<p>Sometimes it&#x27;s just easier to chmod 777 and watch all your access problems disappear.

We wrote a post on this and some of the nuances&#x2F;discrepancies for these S3 settings: <a href="https:&#x2F;&#x2F;www.cloudquery.io&#x2F;blog&#x2F;finding-enabled-s3-acls-and-disabled-s3-block-public-access" rel="nofollow">https:&#x2F;&#x2F;www.cloudquery.io&#x2F;blog&#x2F;finding-enabled-s3-acls-and-d...</a>

Better late than never.

At long last