ine-labs / AWSGoat

AWSGoat : A Damn Vulnerable AWS Infrastructure

AWS enabled S3 Block Public Access for new buckets

n0sandb0x opened this issue · comments

Hi,

Recently I was trying to install AWSGoat on my Linux machine, and despite providing the creds for an Administrator access user, I was getting the following error again and again:

 AccessControlListNotSupported: The bucket does not allow ACLs

Maybe it's because of this. Can you please confirm from your side?

https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/

Thanks

Getting the same error! Please help with how to fix this.

The error is caused by the S3 buckets' "Block Public Access" settings. I wrote a small bash script to fix it for each bucket in the account. Be careful.

#!/bin/bash

# List all buckets and convert tab spaces to newlines
buckets=$(aws s3api list-buckets --query 'Buckets[].Name' --output text | tr "\t" "\n")

# Loop through all buckets
for bucket in $buckets; do
    echo "Updating bucket: $bucket"
    
    # Disable Block Public Access settings
    aws s3api put-public-access-block \
        --bucket "$bucket" \
        --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
done

echo "All buckets updated."
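Added example, not part of the thread or of the AWSGoat project: since the script above changes every bucket in the account, this Python example audits the resulting state, listing buckets outside the lab that have bucket-level Block Public Access off, together with the CLI call that turns it back on. The `lab-goat-` prefix, the bucket names and the sample state are constructed assumptions.

```python
import shlex

BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample state. "bpa" / "ownership" mirror the JSON printed by
# `aws s3api get-public-access-block` / `get-bucket-ownership-controls`;
# None means the bucket has no such configuration. Bucket names are made up.
ALL_OFF = {"PublicAccessBlockConfiguration": dict.fromkeys(BPA_FLAGS, False)}
ALL_ON = {"PublicAccessBlockConfiguration": dict.fromkeys(BPA_FLAGS, True)}
ENFORCED = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}}
SAMPLE = {
    "lab-goat-site": {"bpa": ALL_OFF, "ownership": ENFORCED},
    "corp-backups": {"bpa": ALL_OFF, "ownership": None},
    "corp-logs": {"bpa": ALL_ON, "ownership": ENFORCED},
    "corp-assets": {"bpa": None, "ownership": ENFORCED},
}

def disabled_flags(bpa):
    """Bucket-level flags that are off (all four when no configuration is set)."""
    cfg = (bpa or {}).get("PublicAccessBlockConfiguration", {})
    return [f for f in BPA_FLAGS if not cfg.get(f, False)]

def acls_disabled(ownership):
    """True when Object Ownership is BucketOwnerEnforced, so ACL requests are rejected."""
    rules = (ownership or {}).get("OwnershipControls", {}).get("Rules", [])
    return any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in rules)

def restore_command(bucket):
    """CLI call that turns all four bucket-level flags back on."""
    cfg = ",".join(f"{f}=true" for f in BPA_FLAGS)
    return ("aws s3api put-public-access-block --bucket "
            f"{shlex.quote(bucket)} --public-access-block-configuration {shlex.quote(cfg)}")

def audit(state, lab_prefix):
    """Findings for buckets outside the lab prefix with any flag off."""
    findings = []
    for name, s in sorted(state.items()):
        off = disabled_flags(s.get("bpa"))
        if off and not name.startswith(lab_prefix):
            findings.append({"bucket": name, "flags_off": off,
                             "acls_disabled": acls_disabled(s.get("ownership"))})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, "lab-goat-"):
        print(f["bucket"], "flags off:", f["flags_off"], "ACLs disabled:", f["acls_disabled"])
        print("  fix:", restore_command(f["bucket"]))
```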

Hi @n0sandb0x @rdsece @chryzsh, PR #37 was merged to handle the AWS change that disabled ACLs for newly created buckets. Since then we have tested the AWSGoat deployment multiple times and were unable to replicate the issue you faced. I would recommend that you sync the latest changes to your forks and redeploy.