aws-s3-ignore-public-acls.md

File metadata and controls

35 lines (23 loc) · 844 Bytes

Pattern: Unignored public ACL for AWS S3 bucket

Issue: -

Description

S3 buckets should ignore public ACLs, both on the bucket itself and on any objects it contains. Ignoring differs from blocking: PUT calls that carry a public ACL still succeed and the object is still written, but the public grants in that ACL are not honored, so the object does not become publicly readable.

Resolution: Set `ignore_public_acls = true` on the bucket's `aws_s3_bucket_public_access_block` so that public ACLs supplied in PUT calls are ignored.

Examples

Example of incorrect code:

```hcl
# Incorrect: ignore_public_acls is omitted, and the provider default is false,
# so public ACLs on the bucket and its objects are honored.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket = aws_s3_bucket.example.id
}

# Equally incorrect: the setting is present but explicitly disabled.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket = aws_s3_bucket.example.id

  ignore_public_acls = false
}
```

Example of correct code:

```hcl
# Correct: public ACLs in PUT calls are accepted but ignored, so neither the
# bucket nor its objects can be made public through an ACL.
resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket = aws_s3_bucket.example.id

  ignore_public_acls = true
}
```
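As an added example (not this rule's own implementation and not code from the project that publishes it), the following Python check applies the pattern above to Terraform text: it flags every `aws_s3_bucket_public_access_block` whose `ignore_public_acls` is omitted (provider default `false`) or explicitly `false`, and skips values such as variable references that cannot be decided statically. The sample HCL is constructed from the examples on this page; the resource names in it are assumptions.

```python
import re
from typing import List, Tuple

# One resource block of the type this rule covers, with its name and body.
# Assumes the body has no nested braces, which holds for this resource type.
_BLOCK_RE = re.compile(
    r'resource\s+"aws_s3_bucket_public_access_block"\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^{}]*)\}',
    re.DOTALL,
)
# The attribute line; the value is captured raw and normalised below.
_ATTR_RE = re.compile(r'^\s*ignore_public_acls\s*=\s*(?P<val>.+?)\s*$', re.MULTILINE)


def find_unignored_public_acls(hcl: str) -> List[Tuple[str, str]]:
    """Return (resource_name, reason) for each block that does not ignore public ACLs."""
    findings = []
    for m in _BLOCK_RE.finditer(hcl):
        name, body = m.group("name"), m.group("body")
        attr = _ATTR_RE.search(body)
        if attr is None:
            # Attribute omitted: the provider default is false, so public ACLs are honored.
            findings.append((name, "ignore_public_acls not set (defaults to false)"))
            continue
        value = attr.group("val").split("#")[0].strip()  # drop a trailing HCL comment
        if value == "false":
            findings.append((name, "ignore_public_acls explicitly false"))
        # "true" is compliant; anything else (e.g. var.x) is left for runtime evaluation.
    return findings


# Constructed sample mirroring this page's incorrect and correct examples
# (resource names are assumptions, not taken from the page).
SAMPLE_HCL = '''
resource "aws_s3_bucket_public_access_block" "bad_example_default" {
  bucket = aws_s3_bucket.example.id
}

resource "aws_s3_bucket_public_access_block" "bad_example_explicit" {
  bucket = aws_s3_bucket.example.id
  ignore_public_acls = false
}

resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket = aws_s3_bucket.example.id
  ignore_public_acls = true  # compliant
}
'''

if __name__ == "__main__":
    for name, reason in find_unignored_public_acls(SAMPLE_HCL):
        print(f"{name}: {reason}")
```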