Ensure S3 Bucket BlockPublicPolicy is set to True
Error: S3 bucket BlockPublicPolicy is not set to True
Policy ID: BC_AWS_S3_20
Checkov Check ID: CKV_AWS_54
Severity: MEDIUM
S3 bucket BlockPublicPolicy is not set to True
Description
Amazon S3 Block Public Access policy works at the account level and on individual buckets, including those created in the future. It provides the ability to block existing public access, whether specified by an ACL or a policy, and ensures public access is not granted to newly created items.
If an AWS account is used to host a data lake or another business application, blocking public access will serve as an account-level guard against accidental public exposure.
Fix - Buildtime
Terraform
Resource: aws_s3_bucket_public_access_block
Argument: block_public_policy
resource "aws_s3_bucket_public_access_block" "artifacts" {
count = var.bucketname == "" ? 1 : 0
bucket = aws_s3_bucket.artifacts[0].id
block_public_acls = true
+ block_public_policy = true
restrict_public_buckets = true
ignore_public_acls=true
}
Updated 5 months ago