AWS S3 bucket IgnorePublicAcls is not set to True
Description
The IgnorePublicAcls setting causes S3 to ignore all public ACLs on a bucket and any objects that it contains. Enabling this setting does not affect the persistence of any existing ACLs and does not prevent new public ACLs from being set. This setting will block public access granted by ACLs while still allowing PUT Object calls that include a public ACL.
Code Example
```hcl
resource "aws_s3_bucket_public_access_block" "artifacts" {
  ...
  restrict_public_buckets = true
+ ignore_public_acls = true
}
```
Remediation
Terraform
- Resource: aws_s3_bucket_public_access_block
- Arguments: ignore_public_acls
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0108 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_55 |
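The rule also applies to the TerraformPlan framework, so the same condition can be checked against a rendered plan. The following is an added example, not Checkov's implementation of CKV_AWS_55: it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports every `aws_s3_bucket_public_access_block` whose `ignore_public_acls` is anything other than `true`. The resource addresses, the `_block` helper and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "aws_s3_bucket_public_access_block"


def _block(address, **values):
    """Build one constructed resource entry in plan-JSON shape (hypothetical helper)."""
    return {"address": address, "type": RESOURCE_TYPE, "values": values}


# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _block("aws_s3_bucket_public_access_block.artifacts",
               restrict_public_buckets=True, ignore_public_acls=True),
        _block("aws_s3_bucket_public_access_block.logs",
               restrict_public_buckets=True, ignore_public_acls=False),
    ],
    "child_modules": [{
        "address": "module.data",
        "resources": [
            # Constructed edge case: the key is absent from the values.
            _block("module.data.aws_s3_bucket_public_access_block.raw",
                   restrict_public_buckets=True),
        ],
    }],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def failing_access_blocks(plan):
    """Return addresses of access blocks where ignore_public_acls is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failures = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Missing, null or false all fail; only a literal true passes.
        if (res.get("values") or {}).get("ignore_public_acls") is not True:
            failures.append(res["address"])
    return sorted(failures)


if __name__ == "__main__":
    for address in failing_access_blocks(SAMPLE_PLAN):
        print(f"FAIL {address}: ignore_public_acls is not true")
```

To run it against a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dict to `failing_access_blocks`.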