turbot/aws_perimeter

Control: S3 buckets should block public access at bucket level

Description

Ensure S3 buckets block public policy and ACL access at the bucket level.

Usage

Run the control in your terminal:

steampipe check aws_perimeter.control.s3_public_access_block_bucket

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_perimeter.control.s3_public_access_block_bucket

SQL

select
  arn as resource,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets then 'ok'
    else 'alarm'
  end as status,
  case
    when block_public_acls
      and block_public_policy
      and ignore_public_acls
      and restrict_public_buckets then name || ' all public access blocks enabled.'
    else name || ' not enabled for: ' || concat_ws(
      ', ',
      case
        when not block_public_acls then 'block_public_acls'
      end,
      case
        when not block_public_policy then 'block_public_policy'
      end,
      case
        when not ignore_public_acls then 'ignore_public_acls'
      end,
      case
        when not restrict_public_buckets then 'restrict_public_buckets'
      end
    ) || '.'
  end as reason,
  region,
  account_id
from
  aws_s3_bucket;
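
The control evaluates only the bucket's own settings, while Amazon S3 enforces the most restrictive combination of the bucket-level and account-level public access block settings. The query below is an added example, not part of the aws_perimeter mod, that puts the control's status next to the effective status so alarms can be triaged. It runs on plain PostgreSQL: the two CTEs hold constructed rows standing in for Steampipe's aws_s3_bucket and aws_s3_account_settings tables, and the bucket names and account IDs are made up.

```sql
-- Constructed sample rows; in Steampipe these stand in for aws_s3_bucket and
-- aws_s3_account_settings (the latter is not used by the control on this page).
with bucket (name, account_id, block_public_acls, block_public_policy,
             ignore_public_acls, restrict_public_buckets) as (
  values
    ('logs-archive', '111111111111', true,  true,  true,  true),
    ('static-site',  '111111111111', false, false, true,  true),
    ('team-scratch', '222222222222', false, true,  false, true)
),
account_settings (account_id, block_public_acls, block_public_policy,
                  ignore_public_acls, restrict_public_buckets) as (
  values
    ('111111111111', true,  true,  true,  true),
    ('222222222222', false, false, false, false)
)
select
  b.name,
  -- Status as this control computes it: bucket-level settings only.
  case
    when b.block_public_acls and b.block_public_policy
      and b.ignore_public_acls and b.restrict_public_buckets then 'ok'
    else 'alarm'
  end as bucket_level_status,
  -- A setting is in effect when either the bucket or its account enables it.
  case
    when (b.block_public_acls or a.block_public_acls)
      and (b.block_public_policy or a.block_public_policy)
      and (b.ignore_public_acls or a.ignore_public_acls)
      and (b.restrict_public_buckets or a.restrict_public_buckets) then 'ok'
    else 'alarm'
  end as effective_status,
  -- Settings that neither level enables; concat_ws skips the NULLs that the
  -- else-less case expressions return for settings that are in effect.
  concat_ws(', ',
    case when not (b.block_public_acls or a.block_public_acls) then 'block_public_acls' end,
    case when not (b.block_public_policy or a.block_public_policy) then 'block_public_policy' end,
    case when not (b.ignore_public_acls or a.ignore_public_acls) then 'ignore_public_acls' end,
    case when not (b.restrict_public_buckets or a.restrict_public_buckets) then 'restrict_public_buckets' end
  ) as unprotected_settings
from
  bucket as b
  join account_settings as a on a.account_id = b.account_id
order by
  b.name;
```

A bucket that alarms at bucket level but is ok in effect is still worth fixing, because its protection disappears if the account-level setting is ever relaxed.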
