- GG_ID: GG_IAC_0055
- Severity: HIGH
- Complexity: LOW
- Categories: DATA
- Providers: AWS
- Potential data exposure: True
- Visible in logs: True
- User interaction required: False
- Privileges required: False
AWS S3 Block Public Access is a feature that allows setting up centralized controls to manage public access to S3 resources.
Enforcing the BlockPublicAcls, BlockPublicPolicy and IgnorePublicAcls rules on a bucket ensures that no ACL (access control list) or policy granting public access can be associated with the bucket, and that any existing ACL granting public access to the bucket is ignored.
- Data leakage.
- Data tampering.
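The following check is an added example, not part of the original rule page or of the scanner itself. It assumes the infrastructure is described in a CloudFormation template (chosen because the `PublicAccessBlockConfiguration` property of `AWS::S3::Bucket` uses the same setting names as the description above); the function names and the sample template are constructed for illustration.

```python
import json

# The three settings named in the rule description.
REQUIRED = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls")

def is_enabled(value):
    """True only for a literal true, given as a boolean or as the string "true"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    # Assumption: intrinsic functions such as {"Ref": ...} cannot be resolved
    # statically, so they are reported instead of trusted.
    return False

def find_unprotected_buckets(template):
    """Map each AWS::S3::Bucket logical ID to the required settings it lacks."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration")
        if not isinstance(pab, dict):
            pab = {}  # block absent: every required setting is missing
        missing = [name for name in REQUIRED if not is_enabled(pab.get(name))]
        if missing:
            findings[logical_id] = missing
    return findings

# Constructed sample template: one bucket with no block, one partially
# configured, one fully configured, and one unrelated resource.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "LogsBucket": {"Type": "AWS::S3::Bucket"},
  "AssetsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "PublicAccessBlockConfiguration": {
      "BlockPublicAcls": true, "BlockPublicPolicy": {"Ref": "BlockPolicy"},
      "IgnorePublicAcls": "false"}}},
  "BackupBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "PublicAccessBlockConfiguration": {
      "BlockPublicAcls": true, "BlockPublicPolicy": "true",
      "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
  "Queue": {"Type": "AWS::SQS::Queue"}
}}
""")

if __name__ == "__main__":
    for bucket, missing in find_unprotected_buckets(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: not enabled -> {', '.join(missing)}")
```

A bucket is reported when the configuration block is absent, when a setting is `false`, and when a setting cannot be resolved statically, so a parameterized value needs manual review rather than passing silently.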
Associate an S3 BlockPublicAccess with the bucket, with the following properties enabled: