Remediation
Disable Public Access for S3 Bucket ACL
Enable S3 Block Public Access
Enabling Block Public Access provides a centralized and comprehensive mechanism to prevent public access to your S3 buckets. These settings override any existing ACLs or bucket policies that might otherwise allow public access.
From Command Line
To enable Block Public Access on the bucket, run the following command:
aws s3api put-public-access-block \
--bucket {{bucket-name}} \
--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
Apply the private Canned ACL
Applying the private canned ACL removes all public access grants and ensures that only the bucket owner has full control.
aws s3api put-bucket-acl \
--bucket {{bucket-name}} \
--acl private
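To confirm that both remediation steps took effect, the following added example (not part of the original page) evaluates the JSON printed by `aws s3api get-public-access-block` and `aws s3api get-bucket-acl`. The function names and the sample documents are constructed for illustration; the owner ID is a placeholder.

```python
import json

# Predefined S3 groups whose grants make a bucket ACL public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def missing_pab_flags(pab_json):
    """Return the Block Public Access flags that are absent or not true."""
    config = json.loads(pab_json).get("PublicAccessBlockConfiguration", {})
    return [flag for flag in PAB_FLAGS if config.get(flag) is not True]


def non_private_grants(acl_json):
    """Return ACL grants that the private canned ACL would not contain."""
    acl = json.loads(acl_json)
    owner_id = acl.get("Owner", {}).get("ID")
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        permission = grant.get("Permission")
        is_owner_full_control = (grantee.get("Type") == "CanonicalUser"
                                 and grantee.get("ID") == owner_id
                                 and permission == "FULL_CONTROL")
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append(("public", grantee["URI"], permission))
        elif not is_owner_full_control:
            findings.append(("extra", grantee.get("URI") or grantee.get("ID"), permission))
    return findings


# Constructed samples: a partially configured block and an ACL with a public READ grant.
SAMPLE_PAB_PARTIAL = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True, "BlockPublicPolicy": False}})
SAMPLE_ACL_PUBLIC = json.dumps({"Owner": {"ID": "OWNER-ID-PLACEHOLDER"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]})

if __name__ == "__main__":
    print("Missing Block Public Access flags:", missing_pab_flags(SAMPLE_PAB_PARTIAL))
    print("Grants beyond owner FULL_CONTROL:", non_private_grants(SAMPLE_ACL_PUBLIC))
```

A fully remediated bucket yields an empty list from both functions.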