[S3.2]
S3 buckets should prohibit public read access
Description
All S3 buckets must block public read access. Keeping a bucket non-public protects the confidentiality and integrity of the data it holds, since anyone on the internet could otherwise list or download objects. This rule is COMPLIANT when an S3 bucket does not allow public read access and NON_COMPLIANT when it does.
Details
Property | Value |
---|---|
Category | Protect > Secure network configuration |
Compliance Control ID | S3.2 |
FortifyFox ID | FF100047 |
Link | S3.2 Compliance |
Resource Type(s) | AWS::S3::Bucket |
Severity | Critical |
Parameters | PublicAccessBlockConfiguration (BlockPublicAcls, BlockPublicPolicy, IgnorePublicAcls, RestrictPublicBuckets) |
Value | Boolean (true or false); all four flags must be true |
Remediation
Use the following CloudFormation templates to deploy an S3 bucket compliant with S3.2. Both set all four PublicAccessBlockConfiguration flags to true: BlockPublicAcls and BlockPublicPolicy reject new public ACLs and public bucket policies, IgnorePublicAcls makes S3 ignore any public ACL already attached to the bucket or its objects, and RestrictPublicBuckets limits access to a bucket that has a public policy to the bucket owner's account and AWS services. Leaving any one flag false or unset (the S3 default is false) leaves a path to public read access open.
YAML Template
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
JSON Template
{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    }
  }
}
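The templates above show the compliant configuration; the following script shows how the S3.2 check itself can be applied statically to a CloudFormation template before deployment, so a bucket that sets only some of the four flags, or none, is caught in review. This is an added example written for this page, not FortifyFox's own checker: the function names, the result format and the sample template are assumptions made for illustration. The check goes slightly beyond the page's templates in that it also treats the string form "true" that CloudFormation accepts as true, and treats a flag set via an intrinsic function (which cannot be resolved statically) as not proven true.

```python
"""Static check for rule S3.2 over a CloudFormation template (JSON form).

Added example, not FortifyFox's own checker. Function names, the result
format and the sample template are assumptions made for illustration.
"""
import json

# The four PublicAccessBlockConfiguration flags; S3.2 needs all of them true.
REQUIRED_FLAGS = (
    "BlockPublicAcls",
    "BlockPublicPolicy",
    "IgnorePublicAcls",
    "RestrictPublicBuckets",
)


def _is_true(value):
    """CloudFormation accepts booleans or the strings "true"/"false".
    Intrinsic functions (e.g. {"Ref": ...}) cannot be resolved statically,
    so they are treated as not proven true."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def evaluate_bucket(properties):
    """Return (compliant, failing_flags) for one bucket's Properties block.
    A missing PublicAccessBlockConfiguration fails every flag, because the
    S3 default for each flag is false."""
    config = (properties or {}).get("PublicAccessBlockConfiguration")
    if not isinstance(config, dict):
        return False, list(REQUIRED_FLAGS)
    failing = [flag for flag in REQUIRED_FLAGS if not _is_true(config.get(flag))]
    return (not failing), failing


def evaluate_template(template):
    """Map each AWS::S3::Bucket logical ID to its S3.2 result."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue  # only S3 buckets are in scope for S3.2
        compliant, failing = evaluate_bucket(resource.get("Properties"))
        results[logical_id] = {
            "status": "COMPLIANT" if compliant else "NON_COMPLIANT",
            "failing_flags": failing,
        }
    return results


# Constructed sample template: one compliant bucket, one that sets only two
# flags, one with no block configuration at all, and a non-bucket resource.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    },
    "PartialBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": "true",
          "BlockPublicPolicy": false
        }
      }
    },
    "BareBucket": {
      "Type": "AWS::S3::Bucket"
    },
    "Queue": {
      "Type": "AWS::SQS::Queue"
    }
  }
}
""")

if __name__ == "__main__":
    for name, result in evaluate_template(SAMPLE_TEMPLATE).items():
        print(name, result["status"], result["failing_flags"])
```

Run against the sample, only GoodBucket is reported COMPLIANT; PartialBucket fails on the three flags it does not set to true and BareBucket fails on all four. Note that this is a template-level check only: a bucket created outside CloudFormation, or one whose flags are later changed through the console or API, needs the same four values verified on the live resource (for example with aws s3api get-public-access-block).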