aws-s3-block-public-acls.md

File metadata and controls

35 lines (23 loc) · 797 Bytes

Pattern: Disabled block_public_acls for AWS S3 bucket

Issue: -

Description

S3 buckets should block public ACLs on the bucket and on any objects it contains. With `block_public_acls` enabled, PUT requests fail if the object or bucket ACL specified is public.

Resolution: Enable `block_public_acls` so that any PUT call specifying a public ACL is rejected.

Examples

Examples of incorrect code (two separate variants):

```hcl
# Variant 1: block_public_acls is omitted, so the provider default (false) applies
# and public ACLs are still accepted.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket = aws_s3_bucket.example.id
}
```

```hcl
# Variant 2: block_public_acls is explicitly disabled.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket = aws_s3_bucket.example.id

  block_public_acls = false
}
```

Example of correct code:

```hcl
# block_public_acls = true rejects any PUT that specifies a public ACL
resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket = aws_s3_bucket.example.id

  block_public_acls = true
}
```
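As an added example (not part of this pattern page or its tooling), a small Python check that scans Terraform source for `aws_s3_bucket_public_access_block` resources and reports those where `block_public_acls` is absent or not literally `true`. It uses a constructed sample and a simple regular expression rather than a full HCL parser, so it is a starting point for a pre-commit or CI lint, not a replacement for a real scanner.

```python
import re

# Constructed sample: the page's two incorrect variants plus the correct one,
# with distinct resource names so the file would also pass terraform validate.
SAMPLE_TF = """
resource "aws_s3_bucket_public_access_block" "missing" {
  bucket = aws_s3_bucket.example.id
}

resource "aws_s3_bucket_public_access_block" "disabled" {
  bucket = aws_s3_bucket.example.id

  block_public_acls = false
}

resource "aws_s3_bucket_public_access_block" "good" {
  bucket = aws_s3_bucket.example.id

  block_public_acls = true
}
"""

# Matches one public-access-block resource and captures its name and body.
# Assumes the closing brace sits alone at the start of a line (terraform fmt style).
RESOURCE_RE = re.compile(
    r'resource\s+"aws_s3_bucket_public_access_block"\s+"([^"]+)"\s*\{(.*?)\n\}',
    re.DOTALL,
)
# Matches simple "key = value" attribute lines inside a resource body.
ATTR_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.MULTILINE)


def public_access_blocks(tf_source):
    """Yield (resource_name, {attribute: raw_value}) for each matching resource."""
    for name, body in RESOURCE_RE.findall(tf_source):
        yield name, dict(ATTR_RE.findall(body))


def find_unblocked_public_acls(tf_source):
    """Return names of resources whose block_public_acls is not literally true.

    An absent attribute is reported too: the AWS provider defaults it to false.
    A non-literal value (e.g. a variable reference) is also reported for review.
    """
    findings = []
    for name, attrs in public_access_blocks(tf_source):
        if attrs.get("block_public_acls", "false").strip().lower() != "true":
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in find_unblocked_public_acls(SAMPLE_TF):
        print(f"aws_s3_bucket_public_access_block.{name}: block_public_acls is not true")
```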