S3 buckets should each define an aws_s3_bucket_public_access_block
| Property | Value |
|---|---|
| Language | Terraform |
| Severity | |
| Service | s3 |
| Provider | AWS |
Description
An S3 bucket is declared without an accompanying `aws_s3_bucket_public_access_block` resource, so the bucket's Block Public Access settings (`block_public_acls`, `ignore_public_acls`, `block_public_policy`, `restrict_public_buckets`) are not declared in code. Whatever is in effect on the bucket then depends on account defaults and out-of-band console or API changes that Terraform neither sets nor reports as drift, and a permissive bucket policy or ACL applied later can grant public access with nothing in the configuration to block it.
Impact
If a permissive bucket policy or ACL is applied, objects in the bucket can be listed, read or written by anonymous principals. Sensitive data is exposed to the public, leading to data breaches, unauthorized access, and compliance violations.
Resolution
Define an `aws_s3_bucket_public_access_block` for the bucket, referencing it via `bucket = aws_s3_bucket.<name>.id`, and set all four settings to `true`. Enabling only some of them leaves a gap: `block_public_acls` and `block_public_policy` reject new public ACLs and policies, while `ignore_public_acls` and `restrict_public_buckets` neutralise public ACLs and policies that already exist.
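The following is an added example, not part of the original rule page: a bucket declaration that this rule flags on its own, followed by the dedicated public access block that resolves it. The resource label `app_data` and the bucket name are assumed for illustration.

```hcl
# Added example (not from the original page). The label "app_data" and the
# bucket name are assumed; substitute your own.

# On its own, this bucket is what the rule flags: nothing in code declares
# its Block Public Access settings, so a later ACL or policy change can
# make it public without any change to the Terraform configuration.
resource "aws_s3_bucket" "app_data" {
  bucket = "example-app-data-bucket"
}

# Resolution: a dedicated public access block bound to the bucket with all
# four settings enabled. The "bucket" reference also orders the apply so
# the block is created right after the bucket.
resource "aws_s3_bucket_public_access_block" "app_data" {
  bucket = aws_s3_bucket.app_data.id

  block_public_acls       = true # reject new public ACLs on the bucket or its objects
  ignore_public_acls      = true # treat any existing public ACLs as if they were not there
  block_public_policy     = true # reject bucket policies that would grant public access
  restrict_public_buckets = true # if a public policy exists, limit access to the account and AWS services
}
```

After `terraform apply`, the settings can be confirmed with `aws s3api get-public-access-block --bucket example-app-data-bucket`, which should report all four flags as `true`; any later attempt to attach a public ACL or policy to the bucket is then rejected by S3 rather than silently accepted.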