Private/Public S3 Add-ons
Enabling the Private/Public S3 add-ons will create an S3 bucket and give the app full read/write permissions to it via it's task role. As you'd expect, a public bucket has files that are publicly accessible on the internet while the private bucket only allows authenticated access. Private files may still be served to end-users by generating presigned URLs within your application.
In the case of Review Apps, a single S3 bucket will be setup for the Pipeline and shared among all Review Apps. Each Review App will be given access to a unique prefix within the bucket.
Public S3 buckets violate control S3.2 of Amazon's Foundational Security Best Practices. In some scenarios, this is not a problem, but be sure you understand the potential risk before enabling them.
Destroying the application will destroy the bucket(s) and all files in them.
Public S3 Add-on
PUBLIC_S3_BUCKETthe name of the bucket created for the app
PUBLIC_S3_PREFIXReview Apps only. The name of the S3 object prefix accessible to the application
Private S3 Add-on
PRIVATE_S3_BUCKETthe name of the bucket created for the app
PRIVATE_S3_PREFIXReview Apps only. The name of the S3 object prefix accessible to the application