S3 bucket RestrictPublicBucket is not set to True

Description

The S3 Block Public Access configuration specifies whether S3 should restrict public bucket policies for buckets in this account. Setting RestrictPublicBuckets to TRUE restricts access to buckets with public policies to only AWS services and authorized users within this account.

Enabling this setting does not change previously stored bucket policies, but public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

Fix - Buildtime

Terraform

  • Resource: aws_s3_bucket_public_access_block
  • Argument: restrict_public_buckets

```go aws_s3_bucket_public_access_block.artifacts.tf
resource "aws_s3_bucket_public_access_block" "artifacts" {
  ...
+ restrict_public_buckets = true
}
```


CloudFormation

  • Resource: AWS::S3::Bucket
  • Argument: Properties.PublicAccessBlockConfiguration.RestrictPublicBuckets

```yaml
Type: 'AWS::S3::Bucket'
Properties:
  ...
  PublicAccessBlockConfiguration:
    ...
+   RestrictPublicBuckets: true
```
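
A build-time check for the CloudFormation property above can be run against a template before deployment. The following is an added example, not code from this page or from any scanner; it assumes a JSON-format template, and the logical IDs and function names are hypothetical.

```python
import json

# Constructed sample template (JSON form of CloudFormation); logical IDs are hypothetical.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "ArtifactsBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {"RestrictPublicBuckets": true}}
    },
    "DocsBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {"RestrictPublicBuckets": "true"}}
    },
    "LogsBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {"RestrictPublicBuckets": "false"}}
    },
    "ScratchBucket": {"Type": "AWS::S3::Bucket"},
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")


def is_true(value):
    """Booleans in templates are often written as the strings "true"/"false"; accept both."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def buckets_missing_restrict(template):
    """Return logical IDs of S3 buckets whose RestrictPublicBuckets is absent or not true."""
    failing = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        pab = (resource.get("Properties") or {}).get("PublicAccessBlockConfiguration")
        # Missing block, missing key, or an unresolved intrinsic ({"Ref": ...}): fail closed.
        value = pab.get("RestrictPublicBuckets") if isinstance(pab, dict) else None
        if not is_true(value):
            failing.append(logical_id)
    return sorted(failing)


if __name__ == "__main__":
    for name in buckets_missing_restrict(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: RestrictPublicBuckets is not set to true")
```

A bucket with no PublicAccessBlockConfiguration at all is reported the same way as one that sets the value to false, since in both cases the template does not enable the restriction.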