S3 Access block should block public policy
S3 buckets should have block public policy enabled to prevent users from putting a policy that enables public access.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Prevent policies that allow public access being PUT
Resources:
  GoodExample:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
Prevent policies that allow public access being PUT
resource "aws_s3_bucket" "example" {
  bucket = "mybucket"
}
resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket = aws_s3_bucket.example.id
  block_public_policy = true
}
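A pre-deployment check for the CloudFormation remediation above, as an added example that is not part of the original page or of any scanner's code: it reads a template in CloudFormation's JSON form and reports every AWS::S3::Bucket whose BlockPublicPolicy is not true. The sample template, the resource names other than GoodExample, and the "unresolved" status for intrinsic functions are assumptions of this example.

```python
import json

# Constructed sample template (JSON form), not from the original page.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodExample": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "NoBlock": {"Type": "AWS::S3::Bucket"},
    "ExplicitFalse": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicPolicy": "false"}}},
    "FromParameter": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicPolicy": {"Ref": "BlockParam"}}}},
    "Topic": {"Type": "AWS::SNS::Topic"},
}})


def is_intrinsic(value):
    """True for a CloudFormation intrinsic such as {"Ref": ...} or {"Fn::If": ...}."""
    return (isinstance(value, dict) and len(value) == 1
            and all(k == "Ref" or k.startswith("Fn::") for k in value))


def classify(value):
    """Map a BlockPublicPolicy value to 'pass', 'fail' or 'unresolved'."""
    if is_intrinsic(value):
        return "unresolved"  # depends on parameters or conditions; review by hand
    if isinstance(value, str):
        value = {"true": True, "false": False}.get(value.lower())  # string booleans
    return "pass" if value is True else "fail"  # missing or non-boolean counts as fail


def check_template(template_text):
    """Return {logical_id: status} for every AWS::S3::Bucket in the template."""
    results = {}
    for logical_id, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        pab = (res.get("Properties") or {}).get("PublicAccessBlockConfiguration")
        if is_intrinsic(pab):
            results[logical_id] = "unresolved"
        else:
            value = pab.get("BlockPublicPolicy") if isinstance(pab, dict) else None
            results[logical_id] = classify(value)
    return results


if __name__ == "__main__":
    for name, status in check_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {status}")
```

A bucket with no PublicAccessBlockConfiguration at all is reported as "fail", the same as one that sets BlockPublicPolicy to false.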
Links