Ensure AWS S3 access point block public access setting is enabled
Description
This policy checks whether the AWS S3 access point block public access setting is enabled. The block public access feature helps prevent data breaches by limiting public access to S3 resources. If this setting is not enabled, an S3 access point may be publicly accessible, potentially exposing sensitive data. It is essential to enable this setting to ensure the security and integrity of data stored in S3 access points.
Code Example
```terraform
resource "aws_s3_access_point" "example" {
  # bucket and name are required by the provider; the values here are placeholders
  bucket = aws_s3_bucket.example.id
  name   = "example"

  # All four block-public-access flags are enabled for this access point
  public_access_block_configuration {
    block_public_acls       = true
    block_public_policy     = true
    restrict_public_buckets = true
    ignore_public_acls      = true
  }
}
```
Remediation
Enable the block public access setting for the S3 access point by setting `block_public_acls`, `block_public_policy`, and `restrict_public_buckets` (and, as in the example above, `ignore_public_acls`) to `true` inside the `public_access_block_configuration` block.
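As an added example (not part of this policy page or of Checkov), the following standalone check applies the rule above to Terraform JSON syntax (`*.tf.json`) using only the standard library: every `aws_s3_access_point` must explicitly set all four block-public-access flags to `true`. The resource names and bucket reference in the sample config are constructed for the example.

```python
"""Policy check for aws_s3_access_point block public access (IAC-0439 / CKV_AWS_392).

Works on Terraform JSON syntax so no HCL parser is needed. A flag that is
absent or not literally true is reported, mirroring the remediation text
rather than relying on any provider default.
"""
from __future__ import annotations

import json

REQUIRED_FLAGS = (
    "block_public_acls",
    "block_public_policy",
    "restrict_public_buckets",
    "ignore_public_acls",
)


def missing_public_access_flags(resource: dict) -> list[str]:
    """Return the flags that are not set to true on one aws_s3_access_point body."""
    blocks = resource.get("public_access_block_configuration") or []
    # In Terraform JSON a nested block may appear as a list of objects or a single object.
    if isinstance(blocks, dict):
        blocks = [blocks]
    if not blocks:
        return list(REQUIRED_FLAGS)  # no block at all: nothing is explicitly enabled
    cfg = blocks[0]
    return [flag for flag in REQUIRED_FLAGS if cfg.get(flag) is not True]


def check_config(tf_json: str) -> dict[str, list[str]]:
    """Map each failing resource address to the flags it leaves unset or false."""
    config = json.loads(tf_json)
    access_points = config.get("resource", {}).get("aws_s3_access_point", {})
    findings: dict[str, list[str]] = {}
    for name, body in access_points.items():
        missing = missing_public_access_flags(body)
        if missing:
            findings[f"aws_s3_access_point.{name}"] = missing
    return findings


# Constructed sample: "open" disables one flag and omits two; "locked" sets all four.
SAMPLE_TF_JSON = json.dumps({
    "resource": {
        "aws_s3_access_point": {
            "open": {
                "bucket": "${aws_s3_bucket.data.id}",
                "name": "open-ap",
                "public_access_block_configuration": [
                    {"block_public_acls": True, "block_public_policy": False}
                ],
            },
            "locked": {
                "bucket": "${aws_s3_bucket.data.id}",
                "name": "locked-ap",
                "public_access_block_configuration": [
                    {flag: True for flag in REQUIRED_FLAGS}
                ],
            },
        }
    }
})

if __name__ == "__main__":
    for address, missing in check_config(SAMPLE_TF_JSON).items():
        print(f"FAILED {address}: missing {', '.join(missing)}")
```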
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0439 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | aws_s3_access_point |
| Checkov ID | CKV_AWS_392 |