[S3.8]
S3 Block Public Access setting should be enabled at the bucket level
Description
All Amazon S3 buckets must have the Block Public Access setting enabled at the bucket level. Blocking public access at the bucket level keeps bucket ACLs and bucket policies from exposing the bucket's objects publicly. This rule is COMPLIANT when an S3 bucket has Block Public Access enabled through its PublicAccessBlockConfiguration.
Details
Property | Value |
---|---|
Category | Protect > Secure access management > Access control |
Compliance Control ID | S3.8 |
FortifyFox ID | FF100046 |
Link | S3.8 Compliance |
Resource Type(s) | AWS::S3::Bucket |
Severity | High |
Parameters | PublicAccessBlockConfiguration |
Value | Boolean (True or False) |
Remediation
Use the following CloudFormation templates to deploy an S3 bucket that is compliant with S3.8.
YAML Template
```yaml
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```
JSON Template
```json
{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    }
  }
}
```
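To check a template against this control before it is deployed, the following added example (not FortifyFox or AWS code) parses a CloudFormation JSON template and lists every `AWS::S3::Bucket` whose `PublicAccessBlockConfiguration` does not set all four flags to true. The function name `s3_8_findings` and the sample template are assumptions constructed for illustration.

```python
import json

# The four PublicAccessBlockConfiguration flags used in the templates above.
REQUIRED = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")


def s3_8_findings(template_text):
    """Map each non-compliant bucket's logical ID to the flags not set to true."""
    resources = json.loads(template_text).get("Resources", {})
    findings = {}
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration")
        if not isinstance(pab, dict):
            pab = {}  # block missing entirely: every flag is reported
        # Only literal true (or the string "true") passes. A missing key,
        # false, or an intrinsic function such as Ref is flagged for review.
        bad = [flag for flag in REQUIRED
               if str(pab.get(flag)).lower() != "true"]
        if bad:
            findings[logical_id] = bad
    return findings


# Constructed sample template, not taken from a real deployment.
SAMPLE = json.dumps({"Resources": {
    "CompliantBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": "true",
            "RestrictPublicBuckets": False}}},
    "BareBucket": {"Type": "AWS::S3::Bucket"},
    "Topic": {"Type": "AWS::SNS::Topic"},
}})

if __name__ == "__main__":
    for bucket, flags in s3_8_findings(SAMPLE).items():
        print(f"{bucket}: NON_COMPLIANT, not true: {', '.join(flags)}")
```

A bucket with no `PublicAccessBlockConfiguration` block at all is reported with all four flags, which is the case most easily missed in review because nothing in the template looks wrong.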