Blocking account-wide creation of public S3 buckets through a CloudFormation custom resource
Yesterday, AWS announced the release of an important and much-wanted new feature for S3: blocking the creation of public S3 buckets on an account-wide. Enough has been written already about open S3 buckets on the internet. Given that it is very simple to create a public S3 bucket, we regularly learn about new (big) companies that have exposed privacy-sensitive data to the world through such buckets. The confusion is mainly around opening up your bucket to “everyone”.