Control: S3 account settings should block public access
Description
Ensure S3 buckets block public policy and ACL access at the account level.
Usage
Run the control in your terminal:
powerpipe control run aws_perimeter.control.s3_public_access_block_account
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_perimeter.control.s3_public_access_block_account --share
SQL
select
  'arn' || ':' || 'aws' || ':::' || account_id as resource,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets
    then 'ok'
    else 'alarm'
  end as status,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets
    then 'Account level public access blocks enabled.'
    else 'Account level public access not enabled for: ' ||
      concat_ws(', ',
        case when not (block_public_acls) then 'block_public_acls' end,
        case when not (block_public_policy) then 'block_public_policy' end,
        case when not (ignore_public_acls) then 'ignore_public_acls' end,
        case when not (restrict_public_buckets) then 'restrict_public_buckets' end
      ) || '.'
  end as reason,
  region,
  account_id
from
  aws_s3_account_settings;
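The control's status and reason logic run over constructed rows instead of the live table, as an added example that is not part of the mod. The CTE name sample_settings and the account IDs are made up for illustration. The third row has a NULL flag: the account alarms, but concat_ws skips NULLs, so the reason names no setting.

```sql
-- Added example: PostgreSQL, no AWS connection needed.
-- sample_settings is a hypothetical stand-in for aws_s3_account_settings;
-- every row below is constructed.
with sample_settings (
  account_id,
  block_public_acls,
  block_public_policy,
  ignore_public_acls,
  restrict_public_buckets
) as (
  values
    ('111111111111', true, true,  true, true),   -- all four blocks on
    ('222222222222', true, false, true, false),  -- two blocks off
    ('333333333333', true, true,  null, true)    -- one flag unknown (NULL)
)
select
  'arn' || ':' || 'aws' || ':::' || account_id as resource,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets
    then 'ok'
    else 'alarm'  -- also reached when the AND evaluates to NULL
  end as status,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets
    then 'Account level public access blocks enabled.'
    else 'Account level public access not enabled for: ' ||
      concat_ws(', ',
        -- not (NULL) is NULL, so a NULL flag contributes no name here
        case when not (block_public_acls) then 'block_public_acls' end,
        case when not (block_public_policy) then 'block_public_policy' end,
        case when not (ignore_public_acls) then 'ignore_public_acls' end,
        case when not (restrict_public_buckets) then 'restrict_public_buckets' end
      ) || '.'
  end as reason
from
  sample_settings
order by
  account_id;
```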