Ensure S3 bucket has block public ACLS enabled

Error: S3 bucket has block public ACLS disabled

Bridgecrew Policy ID: BC_AWS_S3_19
Checkov Check ID: CKV_AWS_53
Severity: MEDIUM

S3 bucket has block public ACLS disabled

Description

Amazon S3 buckets and objects are configured to be private. They are protected by default, with the option to use Access Control Lists (ACLs) and bucket policies to grant access to other AWS accounts and to anonymous public requests. The Block public access to buckets and objects granted through new access control lists (ACLs) option does not allow the use of new public bucket or object ACLs, ensuring future PUT requests that include them will fail.

This setting helps protect against future attempts to use ACLs to make buckets or objects public. When an application tries to upload an object with a public ACL this setting will be blocked for public access.

We recommend you set S3 Bucket BlockPublicAcls to True.

Fix - Buildtime

Terraform
Resource: aws_s3_bucket_public_access_block
Argument: block_public_acls

resource "aws_s3_bucket_public_access_block" "artifacts" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id
  
+ block_public_acls   = true
  block_public_policy = true
  restrict_public_buckets = true
  ignore_public_acls=true
}

Did this page help you?