[S3.3]
S3 buckets should prohibit public write access
Description
All S3 buckets must block public write access. Preventing a bucket from being publicly writable protects the integrity and security of the data it holds. This rule is COMPLIANT when an S3 bucket does not allow public write access.
Details
| Property | Value |
|---|---|
| Category | Protect > Secure network configuration |
| Compliance Control ID | S3.3 |
| FortifyFox ID | FF100048 |
| Link | S3.3 Compliance |
| Resource Type(s) | AWS::S3::Bucket |
| Severity | Critical |
| Parameters | PublicAccessBlockConfiguration |
| Value | Boolean (True or False) |
Remediation
Use the following CloudFormation templates to deploy an S3 bucket compliant with S3.3. Both templates set all four PublicAccessBlockConfiguration settings to true, which blocks public ACLs and public bucket policies on the bucket.
YAML Template

```yaml
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```
JSON Template

```json
{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    }
  }
}
```
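As an added example (not part of the FortifyFox page or product), a small Python checker that applies the S3.3 test to a parsed CloudFormation template: a bucket is compliant only when all four PublicAccessBlockConfiguration settings are true, and a missing configuration or a string "false" is reported as a finding. The function names and the sample template are constructed for illustration.

```python
import json

# The four PublicAccessBlockConfiguration settings the remediation templates set to true.
REQUIRED_SETTINGS = ("BlockPublicAcls", "BlockPublicPolicy",
                     "IgnorePublicAcls", "RestrictPublicBuckets")


def is_true(value):
    """CloudFormation accepts real booleans or the strings 'true'/'false'."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def evaluate_bucket(properties):
    """Return (compliant, findings) for one AWS::S3::Bucket's Properties block."""
    block = properties.get("PublicAccessBlockConfiguration")
    if not isinstance(block, dict):
        return False, ["PublicAccessBlockConfiguration is missing"]
    findings = [f"{key} is not true" for key in REQUIRED_SETTINGS
                if not is_true(block.get(key))]
    return (not findings), findings


def evaluate_template(template):
    """Map each AWS::S3::Bucket logical ID in a parsed template to its S3.3 result."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::S3::Bucket":
            results[logical_id] = evaluate_bucket(resource.get("Properties") or {})
    return results


# Constructed sample template: one compliant bucket, one with no block
# configuration, one that leaves RestrictPublicBuckets false, one non-bucket.
SAMPLE_TEMPLATE = json.loads("""{
  "Resources": {
    "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true,
        "BlockPublicPolicy": "true", "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true}}},
    "NoBlockBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true,
        "BlockPublicPolicy": true, "IgnorePublicAcls": true,
        "RestrictPublicBuckets": false}}},
    "Queue": {"Type": "AWS::SQS::Queue"}
  }
}""")

if __name__ == "__main__":
    for name, (ok, findings) in evaluate_template(SAMPLE_TEMPLATE).items():
        print(name, "COMPLIANT" if ok else "NON_COMPLIANT", findings)
```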