turbot/aws_compliance

Query: s3_access_point_restrict_public_access

Usage

powerpipe query aws_compliance.query.s3_access_point_restrict_public_access

Steampipe Tables

SQL

select
access_point_arn as resource,
case
when block_public_acls
and block_public_policy
and ignore_public_acls
and restrict_public_buckets then 'ok'
else 'alarm'
end as status,
case
when block_public_acls
and block_public_policy
and ignore_public_acls
and restrict_public_buckets then name || ' all public access blocks enabled.'
else name || ' not enabled for: ' || concat_ws(
', ',
case
when not block_public_acls then 'block_public_acls'
end,
case
when not block_public_policy then 'block_public_policy'
end,
case
when not ignore_public_acls then 'ignore_public_acls'
end,
case
when not restrict_public_buckets then 'restrict_public_buckets'
end
) || '.'
end as reason,
region,
account_id
from
aws_s3_access_point;

Controls

The query is being used by the following controls: