
S3 bucket has block public ACLs disabled

Description

Amazon S3 buckets and objects are private by default. Access can be granted to other AWS accounts and to anonymous public requests through Access Control Lists (ACLs) and bucket policies. The "Block public access to buckets and objects granted through new access control lists (ACLs)" option (BlockPublicAcls) disallows new public bucket or object ACLs, so any future PUT request that includes one will fail.

This setting protects against future attempts to use ACLs to make buckets or objects public: when an application tries to upload an object with a public ACL, S3 rejects the request instead of exposing the object. Note that BlockPublicAcls only affects new ACLs; ACLs that already grant public access are neutralised by the separate IgnorePublicAcls setting, and public access granted through bucket policies is covered by BlockPublicPolicy and RestrictPublicBuckets.

We recommend you set S3 Bucket BlockPublicAcls to True.

Fix - Buildtime

Terraform

Resource: aws_s3_bucket_public_access_block
Argument: block_public_acls

```hcl
# aws_s3_bucket_public_access_block.artifacts.tf
resource "aws_s3_bucket_public_access_block" "artifacts" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  block_public_acls       = true
  block_public_policy     = true
  restrict_public_buckets = true
  ignore_public_acls      = true
}
```
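As an added example (not part of this page or of any scanner's own code), the following evaluates a bucket's public access block settings both from the API response shape that `get_public_access_block` returns and from a parsed Terraform `aws_s3_bucket_public_access_block` resource; the Terraform attribute-as-list shape and the `None`-for-missing-configuration convention are assumptions of this example. It reports BlockPublicAcls as the pass/fail criterion and the other three settings as findings, because BlockPublicAcls alone does not neutralise existing public ACLs or public bucket policies.

```python
from typing import Optional

# The four public access block settings and the effect of each one.
SETTINGS = {
    "BlockPublicAcls": "new public bucket/object ACLs are rejected on PUT",
    "IgnorePublicAcls": "existing public ACLs are ignored when evaluating access",
    "BlockPublicPolicy": "new bucket policies granting public access are rejected",
    "RestrictPublicBuckets": "existing public bucket policies apply to AWS principals only",
}


def evaluate_public_access_block(config: Optional[dict]) -> dict:
    """Evaluate a PublicAccessBlockConfiguration dict.

    `config` has the shape of s3.get_public_access_block()
    ["PublicAccessBlockConfiguration"]. A bucket with no configuration at all
    (the API raises NoSuchPublicAccessBlockConfiguration) is passed as None,
    which is treated as all four settings being off.
    """
    cfg = config or {}
    findings = []
    for name, effect in SETTINGS.items():
        # Anything other than a literal True (absent, False, the string "true") fails.
        if cfg.get(name) is not True:
            findings.append(f"{name} is not enabled: {effect}")
    return {
        "compliant": cfg.get("BlockPublicAcls") is True,  # this page's check
        "fully_blocked": not findings,                     # all four enabled
        "findings": findings,
    }


def check_terraform_public_access_block(conf: dict) -> str:
    """Check a parsed aws_s3_bucket_public_access_block resource.

    Assumes the scanner's parsed form, where each HCL attribute is a
    one-element list (e.g. {"block_public_acls": [True]}); a missing or
    non-True value fails, matching the default of false in the provider.
    """
    value = conf.get("block_public_acls", [None])
    return "PASSED" if value and value[0] is True else "FAILED"


# Constructed sample: only the ACL block is set, as a partial fix often looks.
PARTIAL_CONFIG = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": False,
    "BlockPublicPolicy": False,
    "RestrictPublicBuckets": False,
}
```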