S3 Bucket does not have public access blocks

Description

When you create an S3 bucket, it is good practice to set the additional resource aws_s3_bucket_public_access_block to ensure the bucket is never accidentally public.

We recommend ensuring that every S3 bucket has a public access block attached. If no public access block is attached, its settings default to False.
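One way to check for this before apply, as an added example that is not code from this page or from any scanner: it reads the `configuration` section of `terraform show -json` output and reports each `aws_s3_bucket` that has no `aws_s3_bucket_public_access_block` referencing it, or whose block does not set `block_public_acls` and `block_public_policy` to a literal `true`. The sample plan, the `_res` helper and the function names are constructed for illustration; only the root module is inspected, and resources using `count` or `for_each` are assumed absent.

```python
# Added example: find S3 buckets without a public access block in a Terraform plan.
REQUIRED_FLAGS = ("block_public_acls", "block_public_policy")  # arguments this page names

def _res(rtype, name, **expressions):
    """Build one constructed entry shaped like configuration.root_module.resources[]."""
    return {"address": f"{rtype}.{name}", "type": rtype, "name": name,
            "expressions": expressions}

def _ref(bucket_name):
    """References as Terraform records them for `bucket = aws_s3_bucket.<name>.id`."""
    return {"references": [f"aws_s3_bucket.{bucket_name}.id", f"aws_s3_bucket.{bucket_name}"]}

# Constructed sample input (not taken from a real plan).
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    _res("aws_s3_bucket", "bucket_good_1"),
    _res("aws_s3_bucket_public_access_block", "access_good_1", bucket=_ref("bucket_good_1"),
         block_public_acls={"constant_value": True},
         block_public_policy={"constant_value": True}),
    _res("aws_s3_bucket", "bucket_bare"),          # no access block at all
    _res("aws_s3_bucket", "bucket_partial"),       # block attached, one flag missing
    _res("aws_s3_bucket_public_access_block", "access_partial", bucket=_ref("bucket_partial"),
         block_public_acls={"constant_value": True}),
]}}}

def _attached_to(block, bucket_address):
    refs = block.get("expressions", {}).get("bucket", {}).get("references", [])
    # Exact match or attribute access; avoids matching a longer resource name.
    return any(r == bucket_address or r.startswith(bucket_address + ".") for r in refs)

def _is_true(block, flag):
    # A flag supplied through a variable has no constant_value and is reported as unset.
    return block.get("expressions", {}).get(flag, {}).get("constant_value") is True

def find_unblocked_buckets(plan, required=REQUIRED_FLAGS):
    """Return {bucket address: reason} for every bucket that fails the check."""
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    blocks = [r for r in resources if r.get("type") == "aws_s3_bucket_public_access_block"]
    findings = {}
    for bucket in (r for r in resources if r.get("type") == "aws_s3_bucket"):
        attached = [b for b in blocks if _attached_to(b, bucket["address"])]
        missing = [f for f in required if not any(_is_true(b, f) for b in attached)]
        if not attached:
            findings[bucket["address"]] = "no aws_s3_bucket_public_access_block attached"
        elif missing:
            findings[bucket["address"]] = "not set to true: " + ", ".join(missing)
    return findings

if __name__ == "__main__":
    for address, reason in find_unblocked_buckets(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {reason}")
```

To run it on a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dict to `find_unblocked_buckets`.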

Fix - Buildtime

Terraform

  • Resource: aws_s3_bucket, aws_s3_bucket_public_access_block
  • Argument: block_public_acls and block_public_policy
resource "aws_s3_bucket" "bucket_good_1" {
  bucket = "bucket_good"
}


+ resource "aws_s3_bucket_public_access_block" "access_good_1" {
+   bucket = aws_s3_bucket.bucket_good_1.id
+
+   block_public_acls   = true
+   block_public_policy = true
+ }
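
Review bot: the added aws_s3_bucket_public_access_block "access_good_1" sets only block_public_acls and block_public_policy, so the resource's other two arguments, ignore_public_acls and restrict_public_buckets, stay at their default of false. Public ACLs already present on the bucket or its objects are then still honoured, and a public bucket policy that already exists is not restricted. Suggest setting all four arguments to true unless one is deliberately left open. Separately, bucket = "bucket_good" in the unchanged aws_s3_bucket block contains an underscore, which S3 bucket naming rules do not allow; a name such as "bucket-good" avoids a failure at apply time.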