turbot/aws_perimeter

Control: S3 buckets should block public access at bucket level

Description

Ensure S3 buckets block public policy and ACL access at the bucket level.

Usage

Run the control in your terminal:

powerpipe control run aws_perimeter.control.s3_public_access_block_bucket

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_perimeter.control.s3_public_access_block_bucket --share

Steampipe Tables

SQL

select
arn as resource,
case
when block_public_acls
and block_public_policy
and ignore_public_acls
and restrict_public_buckets
then 'ok'
else 'alarm'
end as status,
case
when block_public_acls
and block_public_policy
and ignore_public_acls
and restrict_public_buckets
then name || ' all public access blocks enabled.'
else name || ' not enabled for: ' ||
concat_ws(', ',
case when not block_public_acls then 'block_public_acls' end,
case when not block_public_policy then 'block_public_policy' end,
case when not ignore_public_acls then 'ignore_public_acls' end,
case when not restrict_public_buckets then 'restrict_public_buckets' end
) || '.'
end as reason
, region, account_id
from
aws_s3_bucket;

Tags