Policy: AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
Configures auditing against a CIS Benchmark item.
Level: 1
Amazon S3 provides Block public access (bucket settings) and Block public access (account settings) to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, Block public access (bucket settings) prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, Block public access (account settings) prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- AWS > CIS v3.0
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
- AWS > CIS v3.0 > 2 - Storage
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v071406
- tmod:@turbot/aws-cisv3-0#/policy/types/r020104
- turbot graphql policy-type --id "tmod:@turbot/aws-cisv3-0#/policy/types/r020104"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv3-0#/policy/types/r020104"
Get Policy TypeGet Policy Settings