S3 buckets should have all “block public access” options enabled
Description
S3 buckets should have all block public access options enabled. AWS’s S3 Block Public Access feature has four settings: BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, and RestrictPublicBuckets. All four settings should be enabled to help reduce the risk of a data breach.
Console Remediation Steps
Navigate to S3.
In the Bucket name list, choose the name of the bucket that you want.
Choose Permissions.
Choose Edit to change the public access settings for the bucket.
Check the box for Block all public access.
Click Save.
When you’re asked for confirmation, enter confirm. Then choose Confirm to save your changes.
CLI Remediation Steps
To enable all four block public access settings for a bucket:
aws s3api put-public-access-block \
--bucket fugue-bucket-example \
--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
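
To confirm that the remediation took effect, the following script reads each bucket's configuration back with get-public-access-block and reports any of the four settings that is not enabled. It is an added example, not part of the original page or of Fugue's tooling; the script name and the function names (pab_disabled, check_bucket, audit) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that all four Block Public Access settings are on.
# Usage: sh check_pab.sh BUCKET [BUCKET ...]   (script name is hypothetical)

SETTINGS="BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets"
QUERY='PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]'

# pab_disabled V1 V2 V3 V4: values in SETTINGS order, as --output text prints
# them (True / False / None). Prints the names of settings that are not True.
pab_disabled() {
  missing=""
  for name in $SETTINGS; do
    [ "${1:-None}" = "True" ] || missing="${missing:+$missing }$name"
    if [ "$#" -gt 0 ]; then shift; fi
  done
  printf '%s\n' "$missing"
}

# check_bucket BUCKET: prints PASS/FAIL; returns 0 pass, 1 fail, 2 API error.
check_bucket() {
  if values=$(aws s3api get-public-access-block --bucket "$1" \
      --query "$QUERY" --output text 2>&1); then
    disabled=$(pab_disabled $values)   # unquoted: split the tab-separated row
  elif printf '%s' "$values" | grep -q NoSuchPublicAccessBlockConfiguration; then
    # The bucket has no configuration at all, so none of the settings is on.
    disabled=$SETTINGS
  else
    echo "ERROR $1: $values" >&2
    return 2
  fi
  if [ -n "$disabled" ]; then
    echo "FAIL $1: $disabled"
    return 1
  fi
  echo "PASS $1"
}

# audit BUCKET...: checks every bucket; non-zero if any bucket did not pass.
audit() {
  rc=0
  for bucket in "$@"; do
    check_bucket "$bucket" || rc=1
  done
  return "$rc"
}

# Run only when bucket names are given on the command line.
[ "$#" -eq 0 ] || audit "$@"
```

A bucket that has never had a public access block configuration makes the read call fail with NoSuchPublicAccessBlockConfiguration, which the script reports as all four settings disabled rather than as an error.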