Control: AWS > PCI v3.2.1 > S3 > 6 S3 Block Public Access setting should be enabled
This control checks whether the following public access block settings are configured at the account level.
- ignorePublicAcls: true
- blockPublicPolicy: true
- blockPublicAcls: true
- restrictPublicBuckets: true
The control passes if all of the public access block settings are set to true.
The control fails if any of the settings are set to false, or if any of the settings are not configured. When the settings do not have a value, the AWS Config rule cannot complete its evaluation.
As an AWS best practice, S3 buckets should block public access. Unless you explicitly require everyone on the internet to be able to access your S3 bucket, you should ensure that your S3 bucket is not publicly accessible.
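The pass/fail rule described above, written out as an added example (not Turbot's or AWS Config's own code). The names `evaluate` and `fetch_account_config` are hypothetical, and the sample inputs are constructed. The live lookup assumes boto3 with credentials and a region configured.

```python
# Added example: evaluates the account-level S3 Block Public Access rule.
SETTINGS = ("blockPublicAcls", "ignorePublicAcls",
            "blockPublicPolicy", "restrictPublicBuckets")


def evaluate(config):
    """Return (status, findings) for an account-level configuration.

    `config` is a dict of the four settings, or None when the account has
    no public access block configuration at all. Keys may be camelCase (as
    on this page) or PascalCase (as returned by the S3 Control API).
    """
    if not config:
        return "FAIL", ["no account-level public access block configured"]
    # Normalise the first letter so both key spellings are accepted.
    normalised = {k[:1].lower() + k[1:]: v for k, v in config.items()}
    findings = []
    for name in SETTINGS:
        value = normalised.get(name)
        if value is None:
            findings.append(f"{name}: not configured")
        elif value is not True:
            findings.append(f"{name}: {value!r} (must be true)")
    return ("PASS" if not findings else "FAIL"), findings


def fetch_account_config(account_id):
    """Read the live settings with boto3 (hypothetical helper, not run in the demo)."""
    import boto3
    from botocore.exceptions import ClientError
    try:
        resp = boto3.client("s3control").get_public_access_block(AccountId=account_id)
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None  # nothing configured, so the control fails
        raise
    return resp["PublicAccessBlockConfiguration"]


if __name__ == "__main__":
    # Constructed sample inputs, not output from a real account.
    compliant = dict.fromkeys(SETTINGS, True)
    partial = {"blockPublicAcls": True, "ignorePublicAcls": True,
               "blockPublicPolicy": False}
    for label, cfg in (("compliant", compliant), ("partial", partial), ("unset", None)):
        print(label, *evaluate(cfg))
```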
Remediation
- Open the Amazon S3 console.
- In the navigation pane, choose Block public access (account settings).
- Choose Edit. Then select Block all public access.
- Choose Save changes.
PCI requirement(s): 1.2.1, 1.3.1, 1.3.2, 1.3.4, 1.3.6
Resource Types
This control targets the following resource types:
Category
In Your Workspace
Developers
- tmod:@turbot/aws-pciv3-2-1#/control/types/s3PublicAccessBlockBucketAccount
- tmod:@turbot/turbot#/control/categories/compliancePci
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-pciv3-2-1#/control/types/s3PublicAccessBlockBucketAccount"
Get Controls