S3 bucket BlockPublicPolicy is not set to True

Description

Amazon S3 Block Public Access policy works at the account level and on individual buckets, including those created in the future. It provides the ability to block existing public access, whether specified by an ACL or a policy, and ensures public access is not granted to newly created items.

If an AWS account is used to host a data lake or another business application, blocking public access will serve as an account-level guard against accidental public exposure.

Fix - Buildtime

Terraform

Resource: aws_s3_bucket_public_access_block
Argument: block_public_policy

```go aws_s3_bucket_public_access_block.artifacts.tf
resource "aws_s3_bucket_public_access_block" "artifacts" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  block_public_acls       = true
+ block_public_policy     = true
  restrict_public_buckets = true
  ignore_public_acls      = true
}
```
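The check this policy performs can be reproduced at build time without a cloud connection: find every `aws_s3_bucket_public_access_block` resource in a Terraform file and fail any whose `block_public_policy` argument is absent or not `true`. The following is an added example, not code from the original page or from the scanner itself; it uses a deliberately simple regex extractor (a hypothetical `check_block_public_policy` helper) rather than a full HCL parser, and the three resource definitions it scans are constructed samples covering the omitted, explicitly false, and compliant cases.

```python
import re

# Constructed sample Terraform, three resources exercising the three outcomes:
#   "missing"  -> argument omitted entirely  (FAILED: not set to true)
#   "disabled" -> argument explicitly false  (FAILED)
#   "secured"  -> argument set to true       (PASSED)
SAMPLE_HCL = '''
resource "aws_s3_bucket_public_access_block" "missing" {
  bucket                  = aws_s3_bucket.missing.id
  block_public_acls       = true
  restrict_public_buckets = true
  ignore_public_acls      = true
}

resource "aws_s3_bucket_public_access_block" "disabled" {
  bucket                  = aws_s3_bucket.disabled.id
  block_public_acls       = true
  block_public_policy     = false
  restrict_public_buckets = true
  ignore_public_acls      = true
}

resource "aws_s3_bucket_public_access_block" "secured" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.secured[0].id

  block_public_acls       = true
  block_public_policy     = true
  restrict_public_buckets = true
  ignore_public_acls      = true
}
'''

# One top-level resource block: header, then everything up to a `}` at column 0.
RESOURCE_RE = re.compile(
    r'resource\s+"aws_s3_bucket_public_access_block"\s+"(?P<name>[^"]+)"\s*\{'
    r'(?P<body>.*?)^\}',
    re.DOTALL | re.MULTILINE,
)

# The single argument this policy cares about; only literal true/false are handled.
ARG_RE = re.compile(r'^\s*block_public_policy\s*=\s*(?P<val>true|false)\s*$', re.MULTILINE)


def check_block_public_policy(hcl: str) -> dict[str, str]:
    """Return {resource_name: "PASSED" | "FAILED"} for each public-access-block resource.

    A resource passes only when block_public_policy is literally `true`; an omitted
    argument or an explicit `false` both fail, matching the policy title
    ("BlockPublicPolicy is not set to True").
    """
    results = {}
    for match in RESOURCE_RE.finditer(hcl):
        arg = ARG_RE.search(match.group("body"))
        compliant = arg is not None and arg.group("val") == "true"
        results[match.group("name")] = "PASSED" if compliant else "FAILED"
    return results


def failing_resources(hcl: str) -> list[str]:
    """Names of resources that would be reported by this check, in file order."""
    return [name for name, status in check_block_public_policy(hcl).items() if status == "FAILED"]


if __name__ == "__main__":
    for name, status in check_block_public_policy(SAMPLE_HCL).items():
        print(f'aws_s3_bucket_public_access_block.{name}: {status}')
```

Running it over the sample prints one line per resource; `missing` and `disabled` are reported, `secured` passes. The regex approach is intentionally narrow (it will not resolve variables or `for_each` expressions), which is why a real scanner parses HCL properly; the point here is the decision rule, not the parser.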