Control: S3 access points should have block public access settings enabled
Description
This control checks whether an Amazon S3 access point has block public access settings enabled. The control fails if block public access settings aren't enabled for the access point.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.s3_access_point_restrict_public_accessSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.s3_access_point_restrict_public_access --shareSQL
This control uses a named query:
select access_point_arn as resource, case when block_public_acls and block_public_policy and ignore_public_acls and restrict_public_buckets then 'ok' else 'alarm' end as status, case when block_public_acls and block_public_policy and ignore_public_acls and restrict_public_buckets then name || ' all public access blocks enabled.' else name || ' not enabled for: ' || concat_ws(', ', case when not block_public_acls then 'block_public_acls' end, case when not block_public_policy then 'block_public_policy' end, case when not ignore_public_acls then 'ignore_public_acls' end, case when not restrict_public_buckets then 'restrict_public_buckets' end ) || '.' end as reason , region, account_idfrom aws_s3_access_point;