Remediation
If utilizing Block Public Access (bucket settings)
From Console
- Log in to the AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/.
- Select the check box next to the bucket.
- Click on Edit public access settings.
- Click Block all public access.
- Repeat for all the buckets in your AWS account that contain sensitive data.
From Command Line
- List all of the S3 Buckets:
aws s3 ls
- Set the Block Public Access to true on that bucket:
aws s3api put-public-access-block --bucket <name-of-bucket> --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
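The two command-line steps above can be combined into an audit-then-remediate helper. This is an added example, not part of the original page: the function names are hypothetical, and it assumes the AWS CLI is installed and configured with credentials that can read and set bucket-level Block Public Access.

```sh
# Added example, not from the original page. Function names are hypothetical.
PAB_CONFIG="BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
PAB_QUERY='PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]'

# Print every bucket where at least one of the four settings is not true.
pab_unprotected_buckets() {
  for pab_bucket in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
    # The call fails when a bucket has no configuration at all: count it as unprotected.
    pab_state=$(aws s3api get-public-access-block --bucket "$pab_bucket" \
      --query "$PAB_QUERY" --output text 2>/dev/null) || pab_state=""
    # Text output renders the booleans as tab-separated True/False; normalise before comparing.
    pab_state=$(printf '%s' "$pab_state" | tr '[:upper:]' '[:lower:]' | tr '\t' ' ')
    [ "$pab_state" = "true true true true" ] || printf '%s\n' "$pab_bucket"
  done
}

# Apply the bucket-level command from the steps above to each bucket given as an argument.
pab_remediate() {
  for pab_bucket in "$@"; do
    aws s3api put-public-access-block --bucket "$pab_bucket" \
      --public-access-block-configuration "$PAB_CONFIG" || return 1
  done
}

# Typical use: review the list first, then remediate only the buckets that should be private.
#   pab_unprotected_buckets
#   pab_remediate <name-of-bucket> [<name-of-bucket> ...]
```

Reviewing the list before calling pab_remediate keeps intentionally public buckets, such as static website hosting, from being locked down by accident.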
If utilizing Block Public Access (account settings)
From Console
If the output reads true for the separate configuration settings then it is set on the account.
- Log in to the AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/.
- Choose Block Public Access (account settings).
- Choose Edit to change the block public access settings for all the buckets in your AWS account.
- Choose the settings you want to change, and then choose Save. For details about each setting, pause on the i icons.
- When you're asked for confirmation, enter confirm. Then click Confirm to save your changes.
From Command Line
To set Block Public access settings for this account, run the following command:
aws s3control put-public-access-block --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true --account-id <value>