AWS Config Rule: S3 Bucket Level Public Access Prohibited

Description: Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible. This rule is NON_COMPLIANT if an Amazon S3 bucket is not listed in the excludedPublicBuckets parameter and bucket level settings are public.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Osaka), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region

This config rule will check if an Amazon S3 bucket is publicly accesible at bucket level. If the rule founds a bucket with public access enabled, the rule will be marked as non-compliant.

In order to solve this, go to Amazon S3 service, look for the bucket and click on the name to edit. Once there, click on Permissions tab, find the Block public access (bucket settings) card and click on Edit button to turn on Block all public access option. You can check the following screenshot as a reference:

Note that this setting will block all public access to the bucket, so review your use scenario before making any changes.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here