AWS S3 Bucket BlockPublicPolicy is not set to True
Description
This policy ensures that Amazon S3 buckets have the `BlockPublicPolicy` setting enabled. With this setting enabled, Amazon S3 rejects any attempt to put a bucket policy that would grant public access, which helps prevent unauthorized access to the data stored in the S3 bucket. This policy checks whether the `BlockPublicPolicy` option is enabled in the `PublicAccessBlockConfiguration` of S3 buckets.
Code Example

```hcl
resource "aws_s3_bucket_public_access_block" "artifacts" {
  ...
  block_public_policy = true
}
```

Remediation
Terraform
To fix this issue, ensure that the `block_public_policy` property in the `aws_s3_bucket_public_access_block` resource is set to `true`.
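The check described above, written out as a small evaluator over the two input shapes this rule covers (a Terraform plan JSON document and a CloudFormation template). This is an added illustration, not the policy page's or Checkov's own implementation: it looks only at the root module of the plan, treats a missing `block_public_policy` as failing (the provider defaults it to false), and the sample plan and template are constructed inline.

```python
"""Simplified evaluator for the BlockPublicPolicy rule (added example, not Checkov code)."""
import json

# Constructed Terraform plan excerpt, shaped like `terraform show -json` output:
# one compliant resource, one explicitly disabled, one that omits the attribute.
TF_PLAN_JSON = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_s3_bucket_public_access_block.artifacts",
                    "type": "aws_s3_bucket_public_access_block",
                    "values": {"bucket": "artifacts-bucket", "block_public_policy": True},
                },
                {
                    "address": "aws_s3_bucket_public_access_block.logs",
                    "type": "aws_s3_bucket_public_access_block",
                    "values": {"bucket": "logs-bucket", "block_public_policy": False},
                },
                {
                    "address": "aws_s3_bucket_public_access_block.legacy",
                    "type": "aws_s3_bucket_public_access_block",
                    # attribute omitted: the AWS provider defaults block_public_policy to false
                    "values": {"bucket": "legacy-bucket"},
                },
            ]
        }
    }
})

# Constructed CloudFormation template: one compliant bucket, one with an incomplete
# PublicAccessBlockConfiguration, and an unrelated resource the check must ignore.
CFN_TEMPLATE = {
    "Resources": {
        "ArtifactsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True,
                    "BlockPublicPolicy": True,
                    "IgnorePublicAcls": True,
                    "RestrictPublicBuckets": True,
                }
            },
        },
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True}},
        },
        "Queue": {"Type": "AWS::SQS::Queue", "Properties": {}},
    }
}


def _is_true(value):
    """Accept a boolean True or the string 'true' (templates often carry strings)."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def check_terraform_plan(plan_json):
    """Return {resource address: 'PASSED' | 'FAILED'} for every public-access-block resource."""
    plan = json.loads(plan_json)
    results = {}
    # Root module only; a fuller check would also walk planned_values.root_module.child_modules.
    for res in plan["planned_values"]["root_module"].get("resources", []):
        if res.get("type") != "aws_s3_bucket_public_access_block":
            continue
        enabled = _is_true(res.get("values", {}).get("block_public_policy"))
        results[res["address"]] = "PASSED" if enabled else "FAILED"
    return results


def check_cloudformation(template):
    """Return {logical id: 'PASSED' | 'FAILED'} for every AWS::S3::Bucket in the template."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        pab = res.get("Properties", {}).get("PublicAccessBlockConfiguration", {})
        results[logical_id] = "PASSED" if _is_true(pab.get("BlockPublicPolicy")) else "FAILED"
    return results


def failing_resources(results):
    """Sorted list of the resources a scan would report for this rule."""
    return sorted(addr for addr, status in results.items() if status == "FAILED")


if __name__ == "__main__":
    combined = {**check_terraform_plan(TF_PLAN_JSON), **check_cloudformation(CFN_TEMPLATE)}
    for addr, status in combined.items():
        print(f"{status:6} {addr}")
```

Treating an absent attribute as a failure is the important design choice: a resource that never mentions `block_public_policy` is just as exposed as one that sets it to `false`, so the check must not pass on "no explicit false found".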
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0107 |
| Severity | MEDIUM |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_54 |