grafclouds.com / documents / training / devops-challenges / aws-s3-bucket-public

Your S3 Website Returns 403. Make the Bucket Public?

Beginner ~9 min read
AWSSecurity

Scenario

A site that serves its content from S3 has started returning 403 AccessDenied — the same setup worked fine in another environment. In this account, Block Public Access is enabled at both the account and the bucket level, the application in front of the bucket has its own IAM role, and the bucket holds more than just the public pages: some objects in it were never meant to be shared. A deadline is looming and the site is down.

The Quick Fix on the Table

A teammate proposes the sledgehammer: switch off Block Public Access and attach a bucket policy granting public read on everything. The 403s vanish immediately, the demo works, everyone moves on.

Interview · Round 1

The quick fix is on the table and the room is waiting for your call. Would you sign off on it? Take a position and justify it — out loud or on paper — before revealing the analysis.