Control: 1 S3 Block Public Access setting should be enabled
Description
The control passes if all of the public access block settings are set to true.
The control fails if any of the settings are set to false, or if any of the settings are not configured. When the settings do not have a value, the AWS Config rule cannot complete its evaluation.
Amazon S3 public access block is designed to provide controls across an entire AWS account or at the individual S3 bucket level to ensure that objects never have public access. Public access is granted to buckets and objects through access control lists (ACLs), bucket policies, or both.
Unless you intend to have your S3 buckets be publicly accessible, you should configure the account level Amazon S3 Block Public Access feature.
Remediation
To remediate this issue, enable Amazon S3 Block Public Access.
To enable Amazon S3 Block Public Access
- Open the Amazon S3 console.
- Choose Block public access (account settings).
- Choose
Edit
. - Select
Block all public access
. - Choose
Save
changes.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_s3_1
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_s3_1 --share
SQL
This control uses a named query:
s3_public_access_block_account