Block Public Acls | Vulnerability Database

S3 Access block should block public ACL

S3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.

Impact

PUT calls with public ACLs specified can make objects public

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Enable blocking any PUT calls with a public ACL specified

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


---
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  GoodExample:
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
    Type: AWS::S3::Bucket

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

    <button
      data-tab-item="Management Console"
      data-tab-group="remediation"
      class="tab-nav-button btn active"
      onclick="switchTab('remediation','Management Console')"
     >Management Console</button>

</div>
<div class="tab-content">
    
    <div data-tab-item="Management Console" data-tab-group="remediation" class="tab-item active">
        <ol>

    </div>
    
</div>

Enable blocking any PUT calls with a public ACL specified

1
2
3
4
5
6
7
8


resource "aws_s3_bucket" "good_example" {
  bucket = "mybucket"
}

resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket = aws_s3_bucket.good_example.id
  block_public_acls = true
}

Remediation Links

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#block_public_acls