S3 bucket IgnorePublicAcls is not set to True

Description

The IgnorePublicAcls setting causes S3 to ignore all public ACLs on a bucket and any objects that it contains. Enabling this setting does not affect the persistence of any existing ACLs and does not prevent new public ACLs from being set.

This setting will block public access granted by ACLs while still allowing PUT Object calls that include a public ACL.

Fix - Buildtime

## Terraform

- **Resource:** aws_s3_bucket_public_access_block
- **Argument:** ignore_public_acls

```go aws_s3_bucket_public_access_block.artifacts.tf
resource "aws_s3_bucket_public_access_block" "artifacts" {
  ...
  restrict_public_buckets = true
+ ignore_public_acls      = true
}
```


## CloudFormation

- **Resource:** AWS::S3::Bucket
- **Argument:** Properties.PublicAccessBlockConfiguration.IgnorePublicAcls

```yaml
Type: 'AWS::S3::Bucket'
Properties:
  ...
  PublicAccessBlockConfiguration:
    ...
+   IgnorePublicAcls: true
```
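
A build-time check for the CloudFormation property above, as an added example (not code from the original page or from any scanner): it walks a template in JSON form and reports each `AWS::S3::Bucket` whose `IgnorePublicAcls` is missing, false, or set through an intrinsic function that cannot be resolved statically. The sample template and its resource names are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation); all names are illustrative.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"IgnoreAcls": {"Type": "String", "Default": "true"}},
  "Resources": {
    "Artifacts": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"RestrictPublicBuckets": true, "IgnorePublicAcls": true}}},
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"RestrictPublicBuckets": true}}},
    "Legacy": {"Type": "AWS::S3::Bucket"},
    "Uploads": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"IgnorePublicAcls": "false"}}},
    "Shared": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"IgnorePublicAcls": {"Ref": "IgnoreAcls"}}}},
    "Queue": {"Type": "AWS::SQS::Queue"}
  }
}
""")

def classify(value):
    """Return 'pass', 'fail' or 'unresolved' for an IgnorePublicAcls value."""
    if isinstance(value, bool):
        return "pass" if value else "fail"
    if isinstance(value, str):   # boolean written as a string ("true"/"false")
        return "pass" if value.strip().lower() == "true" else "fail"
    if isinstance(value, dict):  # intrinsic function (Ref, Fn::If, ...): not known statically
        return "unresolved"
    return "fail"                # property missing (None) or an unexpected type

def check_template(template):
    """Map each AWS::S3::Bucket logical ID to its check result."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration") or {}
        if not isinstance(pab, dict):
            pab = {}
        results[logical_id] = classify(pab.get("IgnorePublicAcls"))
    return results

if __name__ == "__main__":
    for name, verdict in sorted(check_template(SAMPLE_TEMPLATE).items()):
        print(f"{name}: {verdict}")
```

Treat `unresolved` results as needing review: the effective value depends on the parameter supplied at deploy time.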