
S3 Access block should block public policy

Explanation

The S3 public access block for a bucket should enable block public policy, so that users cannot PUT a bucket policy that enables public access.

Insecure Example

The following example will fail the AWS076 check.

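# block_public_policy is not set, so it defaults to false
resource "aws_s3_bucket_public_access_block" "bad_example" {
	bucket = aws_s3_bucket.example.id
}

# block_public_policy is explicitly disabled
resource "aws_s3_bucket_public_access_block" "bad_example_explicit" {
	bucket = aws_s3_bucket.example.id

	block_public_policy = false
}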

Secure Example

The following example will pass the AWS076 check.

resource "aws_s3_bucket_public_access_block" "good_example" {
	bucket = aws_s3_bucket.example.id
  
	block_public_policy = true
}