S3 Access block should block public policy

Explanation

S3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.

Possible Impact

Users could put a policy that allows public access

Suggested Resolution

Prevent policies that allow public access being PUT

Insecure Example

The following example will fail the aws-s3-block-public-policy check.

resource "aws_s3_bucket_public_access_block" "bad_example" {
	bucket = aws_s3_bucket.example.id
}

resource "aws_s3_bucket_public_access_block" "bad_example" {
	bucket = aws_s3_bucket.example.id
  
	block_public_policy = false
}

Secure Example

The following example will pass the aws-s3-block-public-policy check.

resource "aws_s3_bucket_public_access_block" "good_example" {
	bucket = aws_s3_bucket.example.id
  
	block_public_policy = true
}

Getting Started
Provider Checks
Config
GitHub Actions