
AWS S3 bucket RestrictPublicBucket is not set to True

Description

The S3 Block Public Access configuration lets you specify whether S3 should restrict public bucket policies for buckets in this account. Setting RestrictPublicBucket to TRUE restricts access to buckets with public policies to only AWS services and authorized users within this account. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

Code Example

```hcl
resource "aws_s3_bucket_public_access_block" "artifacts" {
  ...
+ restrict_public_buckets = true
}
```

Remediation

Terraform

  • Resource: aws_s3_bucket_public_access_block
  • Arguments: restrict_public_buckets
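The evaluation this rule performs, as an added Python example that is not part of the original page or of Checkov's own implementation; it assumes resources have already been parsed into plain dicts (simplified shapes, e.g. from `terraform show -json` or a parsed CloudFormation template, not Checkov's internal representation), and treats a missing `restrict_public_buckets` argument as the provider default of `false`.

```python
"""RestrictPublicBuckets rule (CKV_AWS_56) over parsed IaC. Assumption: resources
are plain dicts (e.g. terraform show -json or a parsed CloudFormation template)."""
from typing import Any, Mapping

PASSED, FAILED = "PASSED", "FAILED"


def _is_true(value: Any) -> bool:
    """Accept real booleans and the string forms YAML/JSON templates use."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def check_terraform(args: Mapping[str, Any]) -> str:
    """args: arguments of one aws_s3_bucket_public_access_block; an absent
    restrict_public_buckets means the provider default (false), so it fails."""
    return PASSED if _is_true(args.get("restrict_public_buckets")) else FAILED


def check_cloudformation(resource: Mapping[str, Any]) -> str:
    """resource: one AWS::S3::Bucket; the setting lives under
    Properties.PublicAccessBlockConfiguration.RestrictPublicBuckets."""
    props = resource.get("Properties") or {}
    block = props.get("PublicAccessBlockConfiguration") or {}
    return PASSED if _is_true(block.get("RestrictPublicBuckets")) else FAILED


# Constructed samples: the weak settings beside the corrected one.
TF_SAMPLES = {
    "artifacts_fixed": {"bucket": "artifacts", "block_public_acls": True,
                        "block_public_policy": True, "ignore_public_acls": True,
                        "restrict_public_buckets": True},
    "artifacts_explicit_false": {"bucket": "artifacts",
                                 "restrict_public_buckets": False},
    "artifacts_argument_missing": {"bucket": "artifacts",
                                   "block_public_acls": True},
}
CFN_SAMPLES = {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"RestrictPublicBuckets": "true"}}},
    "SiteBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True}}},
}


def evaluate_all() -> dict:
    """Run the rule over every sample; returns name -> PASSED/FAILED."""
    results = {n: check_terraform(a) for n, a in TF_SAMPLES.items()}
    results.update({n: check_cloudformation(r) for n, r in CFN_SAMPLES.items()})
    return results
```

Only the first Terraform sample passes; the explicit `false`, the omitted argument, and the CloudFormation bucket that sets a different Block Public Access key all fail the rule.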

Rule Details

  • ID: IAC-0109
  • Severity: MEDIUM
  • IaC Type: Cloudformation
  • Frameworks: CloudFormation, Terraform, TerraformPlan, Serverless
  • Checkov ID: CKV_AWS_56

References