Control: S3 bucket should have block public policy enabled
Description
Manage access to resources in the AWS Cloud by ensuring that Amazon Simple Storage Service (Amazon S3) buckets cannot be publicly accessed.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.s3_bucket_block_public_policy_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.s3_bucket_block_public_policy_enabled --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std ->> 'block_public_policy')::boolean then 'ok' else 'alarm' end as status, split_part(address, '.', 2) || case when (attributes_std -> 'block_public_policy') is null then ' block_public_acls not defined' when (attributes_std ->> 'block_public_policy')::boolean then ' block_public_policy enabled' else ' block_public_policy disabled' end || '.' as reason , path || ':' || start_linefrom terraform_resourcewhere type = 'aws_s3_bucket_public_access_block';