Control: AWS > PCI v3.2.1 > S3 > 1 S3 buckets should prohibit public write access
This control checks whether your S3 buckets allow public write access by evaluating the Block Public Access settings, the bucket policy, and the bucket access control list (ACL).
It does not check for write access to the bucket by internal principals, such as IAM roles. You should ensure that access to the bucket is restricted to authorized principals only.
Remediation
- Open the Amazon S3 console.
- Choose the name of the bucket identified in the finding.
- Choose Permissions and then choose Public access settings.
- Choose Edit, select all four options, and then choose Save.
- If prompted, enter
confirm
and then choose Confirm.
PCI requirement(s): 1.2.1, 1.3.1, 1.3.2, 1.3.4, 1.3.6, 7.2.1
Resource Types
This control targets the following resource types:
Category
In Your Workspace
Developers
- tmod:@turbot/aws-pciv3-2-1#/control/types/s3BucketRestrictPublicWriteAccess
- tmod:@turbot/turbot#/control/categories/compliancePci
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-pciv3-2-1#/control/types/s3BucketRestrictPublicWriteAccess"
Get Controls
Control Type URI
Category URI
GraphQL
CLI