S3 Bucket Security Scanner

AWS Credentials

Enter your AWS credentials to begin. They are used only for this session and are not stored on any server.

AWS Access Key ID

AWS Secret Access Key

AWS Region Select a Region af-south-1 ap-east-1 ap-northeast-1 ap-northeast-2 ap-northeast-3 ap-south-1 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-north-1 eu-south-1 eu-west-1 eu-west-2 eu-west-3 me-south-1 sa-east-1 us-east-1 us-east-2 us-west-1 us-west-2

Set Credentials

Compare Scans

Understanding the Results

This tool checks the Block Public Access settings for each S3 bucket. This is a centralized security feature to prevent accidental public exposure.

Result Categories

⚠️ No Block Set: Critical. No "Block Public Access" is configured at all. These buckets rely on older, error-prone ACLs or policies and should be secured immediately.

❌ Potentially Public: Warning. The block is configured, but at least one of the four underlying settings is disabled. This might be intentional (e.g., for a public website) but must be reviewed carefully.

✅ Private: Secure. All four "Block Public Access" settings are enabled, providing the strongest protection against data leaks.

The Four Settings

The "Block Public Access" configuration consists of four individual settings:

• BlockPublicAcls: Prevents new public Access Control Lists (ACLs) from being applied to the bucket.
• IgnorePublicAcls: Ignores any existing public ACLs on the bucket, effectively making them private.
• BlockPublicPolicy: Prevents new public bucket policies from being applied.
• RestrictPublicBuckets: Restricts access to buckets with public policies to only AWS services and authorized users.