Ensure S3 Bucket has public access blocks

Error: S3 Bucket does not have public access blocks

Bridgecrew Policy ID: BC_AWS_NETWORKING_52
Checkov Check ID: CKV2_AWS_6
Severity: LOW

S3 Bucket does not have public access blocks

Description

When you create an S3 bucket, it is good practice to set the additional resource aws_s3_bucket_public_access_block to ensure the bucket is never accidentally public.

We recommend you ensure S3 bucket has public access blocks. If the public access block is not attached it defaults to False.

Fix - Buildtime

Terraform

  • Resource: aws_s3_bucket, aws_s3_bucket_public_access_block
  • Argument: block_public_acls and block_public_policy
resource "aws_s3_bucket" "bucket_good_1" {
  bucket = "bucket_good"
}


+ resource "aws_s3_bucket_public_access_block" "access_good_1" {
+   bucket = aws_s3_bucket.bucket_good_1.id
+
+   block_public_acls   = true
+   block_public_policy = true
+ }