Check S3 Bucket Level Public Access Block.

s3_bucket_level_public_access_block

Severity: medium
Service: s3
by Prowler

Risk

Public access policies may be applied to sensitive data buckets.

Run this check with Prowler CLI

prowler aws --checks s3_bucket_level_public_access_block

ARN template

arn:partition:s3:::bucket_name

Remediation

CLI

aws s3api put-public-access-block --region <REGION_NAME> --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true --bucket <BUCKET_NAME>

Terraform

https://docs.prowler.com/checks/aws/s3-policies/bc_aws_s3_20#terraform

Other

https://github.com/cloudmatos/matos/tree/master/remediations/aws/s3/s3/block-public-access

WUI

You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.

Resource Type

AwsS3Bucket
