Ensure S3 Bucket has public access blocks
Error: S3 Bucket does not have public access blocks
Bridgecrew Policy ID: BC_AWS_NETWORKING_52
Checkov Check ID: CKV2_AWS_6
Severity: LOW
Description
When you create an S3 bucket, it is good practice to also define the additional resource aws_s3_bucket_public_access_block, so that the bucket is never accidentally made public.
We recommend ensuring that every S3 bucket has a public access block. If no public access block is attached, its settings default to False.
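The check described above can also be run against a rendered plan. The following is an added example, not part of the original page and not Checkov's implementation of CKV2_AWS_6. It assumes the JSON produced by `terraform show -json`, looks only at root-module resources, and accepts only literal true values; the sample plan and the name bucket_bad_1 are constructed.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json` output
# for one protected bucket and one bucket with no access block (names are made up).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_s3_bucket.bucket_good_1", "type": "aws_s3_bucket",
   "name": "bucket_good_1", "expressions": {"bucket": {"constant_value": "bucket_good"}}},
  {"address": "aws_s3_bucket.bucket_bad_1", "type": "aws_s3_bucket",
   "name": "bucket_bad_1", "expressions": {"bucket": {"constant_value": "bucket_bad"}}},
  {"address": "aws_s3_bucket_public_access_block.access_good_1",
   "type": "aws_s3_bucket_public_access_block", "name": "access_good_1",
   "expressions": {
     "bucket": {"references": ["aws_s3_bucket.bucket_good_1.id", "aws_s3_bucket.bucket_good_1"]},
     "block_public_acls": {"constant_value": true},
     "block_public_policy": {"constant_value": true}}}
]}}}
""")

# The two arguments this policy names.
REQUIRED = ("block_public_acls", "block_public_policy")


def unprotected_buckets(plan):
    """Return addresses of aws_s3_bucket resources with no access block that
    references them and sets every REQUIRED argument to a literal true."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    protected = set()
    for res in resources:
        if res["type"] != "aws_s3_bucket_public_access_block":
            continue
        expr = res.get("expressions", {})
        # An unset argument is absent from the plan and counts as false.
        if all(expr.get(arg, {}).get("constant_value") is True for arg in REQUIRED):
            protected.update(expr.get("bucket", {}).get("references", []))
    return sorted(r["address"] for r in resources
                  if r["type"] == "aws_s3_bucket" and r["address"] not in protected)


if __name__ == "__main__":
    for address in unprotected_buckets(SAMPLE_PLAN):
        print(f"FAIL {address}: no public access block with {', '.join(REQUIRED)} = true")
```
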
Fix - Buildtime
Terraform
- Resource: aws_s3_bucket, aws_s3_bucket_public_access_block
- Argument: block_public_acls and block_public_policy
resource "aws_s3_bucket" "bucket_good_1" {
bucket = "bucket_good"
}
+ resource "aws_s3_bucket_public_access_block" "access_good_1" {
+ bucket = aws_s3_bucket.bucket_good_1.id
+
+ block_public_acls = true
+ block_public_policy = true
+ }
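Review bot: the added access_good_1 block sets only block_public_acls and block_public_policy, so the resource's other two arguments, ignore_public_acls and restrict_public_buckets, stay at their default of false. Those two arguments are what neutralise ACLs and public policies that already exist on a bucket, so consider setting all four to true in this example, or add a sentence saying that the check itself only requires the two shown.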