Free S3 Bucket Policy Checker
Public S3 buckets are one of the most common causes of cloud data leaks. Paste a bucket policy below to see, in plain English, what it grants and whether any statement opens the bucket to the public (Principal "*"), allows broad write/delete, or uses wildcard actions. It runs entirely in your browser; nothing is uploaded or logged.
Static checks only: they do not see your account's Block Public Access settings, which can override a policy.
One caveat: Block Public Access
This tool reads the policy text only. AWS S3 also has account- and bucket-level Block Public Access settings that can override a public-looking policy. A policy can say Principal: "*" yet still be blocked in practice if BPA is on. Treat a public finding here as "this policy would expose the bucket unless BPA stops it", and keep BPA enabled wherever you do not explicitly need public access.
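The three static checks named above (public principal, write/delete grants, wildcard actions) can be sketched as follows. This is an added example, not Shieldly's code; the function names, the list of sensitive actions and the sample policy are assumptions made for illustration, and like the tool it reads only the policy text, so it cannot see Block Public Access.

```javascript
// Added example: static checks on an S3 bucket policy document.
// Assumed list of sensitive actions used to decide whether a pattern grants write/delete.
const WRITE_DELETE = ["s3:PutObject", "s3:PutObjectAcl", "s3:PutBucketPolicy",
                      "s3:DeleteObject", "s3:DeleteBucket"];

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive; "*" is any run, "?" one character.
const toRegex = (pat) => new RegExp("^" + pat
  .replace(/[.+^${}()|[\]\\]/g, "\\$&")
  .replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");

// Public means Principal "*" or {"AWS": "*"} (the AWS value may be a list).
function isPublicPrincipal(p) {
  if (p === "*") return true;
  return !!p && typeof p === "object" && asList(p.AWS).includes("*");
}

function checkBucketPolicy(policyText) {
  const findings = [];
  asList(JSON.parse(policyText).Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements grant nothing
    const id = stmt.Sid || `Statement[${i}]`;
    const actions = asList(stmt.Action);
    if (isPublicPrincipal(stmt.Principal)) {
      // A Condition may narrow the grant; report it so a human can judge.
      findings.push({ id, check: "public-principal", conditioned: !!stmt.Condition });
    }
    const wild = actions.filter((a) => /[*?]/.test(a));
    if (wild.length) findings.push({ id, check: "wildcard-action", actions: wild });
    const writes = actions.filter((a) => WRITE_DELETE.some((w) => toRegex(a).test(w)));
    if (writes.length) findings.push({ id, check: "write-or-delete", actions: writes });
  });
  return findings;
}

// Constructed sample policy (bucket name is a placeholder).
const R = "arn:aws:s3:::example-bucket/*";
const SAMPLE = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Sid: "PublicRead", Effect: "Allow", Principal: "*", Action: "s3:GetObject", Resource: R },
  { Sid: "AnyoneWrites", Effect: "Allow", Principal: { AWS: "*" },
    Action: ["s3:Put*", "s3:DeleteObject"], Resource: R },
  { Sid: "DenyInsecure", Effect: "Deny", Principal: "*", Action: "s3:*", Resource: R,
    Condition: { Bool: { "aws:SecureTransport": "false" } } },
] });

console.log(checkBucketPolicy(SAMPLE));
```

Every public-principal finding still needs the account's and bucket's Block Public Access state checked separately before deciding whether the bucket is actually exposed.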
For full AI-Powered analysis and a corrected policy, use Shieldly's analyzer. See also the IAM policy linter and trust policy explainer.
Get AI-Powered analysis + the fix
The full analyzer explains every finding and returns a tightened policy in seconds. Free, no signup. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.