tests for partial block access configuration

cdklabs · May 8, 2023 · 3f9bfca · 3f9bfca
1 parent 55a38c8
commit 3f9bfca
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/test/rules/S3.test.ts b/test/rules/S3.test.ts
@@ -14,6 +14,7 @@ import {
   StarPrincipal,
 } from 'aws-cdk-lib/aws-iam';
 import {
+  BlockPublicAccess,
   Bucket,
   BucketAccessControl,
   BucketEncryption,
@@ -96,6 +97,18 @@ describe('Amazon Simple Storage Service (S3)', () => {
       });
       validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
     });
+    test('Noncompliance 2', () => {
+      new Bucket(stack, 'rBucket', {
+        blockPublicAccess: new BlockPublicAccess({ blockPublicAcls: true }),
+      });
+      validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
+    });
+    test('Noncompliance 3', () => {
+      new CfnBucket(stack, 'Bucket', {
+        publicAccessBlockConfiguration: { blockPublicAcls: true },
+      });
+      validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
+    });
     test('Compliance', () => {
       new Bucket(stack, 'rBucket');
       new Bucket(stack, 'rBucket2', {