Pattern: Use of public bucket for AWS S3
Issue: S3 buckets should restrict public bucket policies. With restrict_public_buckets enabled, a bucket that has a public policy is still only accessible to the bucket owner and to AWS service principals; anonymous and cross-account access granted by that policy is ignored.
Resolution: Set restrict_public_buckets = true so that access through a public policy is limited to the owner and AWS services (e.g. CloudFront).
Example of incorrect code:
# Variant 1: the argument is omitted, so it takes the provider default of false.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket = aws_s3_bucket.example.id
}

# Variant 2: the restriction is explicitly disabled.
resource "aws_s3_bucket_public_access_block" "bad_example" {
  bucket                  = aws_s3_bucket.example.id
  restrict_public_buckets = false
}
Example of correct code:
resource "aws_s3_bucket_public_access_block" "good_example" {
  bucket                  = aws_s3_bucket.example.id
  # Public policies only grant access to the bucket owner and AWS services.
  restrict_public_buckets = true
}
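The snippets above show only the single flag this pattern checks. The following is an added, self-contained example (not code from the original rule page or from any project) that declares the bucket itself and enables all four public access block settings, since restrict_public_buckets on its own does not stop a public ACL or prevent a public policy from being attached. The bucket name and resource labels are placeholders chosen for this example.

```hcl
# Constructed example: a private bucket with every public-access control enabled.
resource "aws_s3_bucket" "example" {
  bucket = "example-private-bucket" # placeholder name; must be globally unique
}

resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.example.id

  # Reject PUT requests that would attach a public ACL to the bucket or objects.
  block_public_acls = true

  # Treat any public ACL already on the bucket or its objects as if it were absent.
  ignore_public_acls = true

  # Reject PUT requests that would attach a bucket policy granting public access.
  block_public_policy = true

  # If a public policy does exist, only the bucket owner and AWS service
  # principals can use it; anonymous and cross-account access is denied.
  restrict_public_buckets = true
}
```

All four arguments default to false in the Terraform AWS provider, so omitting any of them silently leaves that control off. For an account-wide baseline, the provider also offers the aws_s3_account_public_access_block resource, which applies the same four settings to every bucket in the account; bucket-level blocks such as the one above then act as a second, explicit layer rather than the only one.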