AWS-S3-bucket-enable-remove-access-thru-public-acl

Severity: High

Description: This control ensures that account level public access setting 'Remove public access granted through public ACLs' is set to true. The account level public access setting 'Remove public access granted through public ACLs' ensures that any of the existing S3 buckets from the account does not to evaluate any public ACL when authorizing a request.

Remediation Steps:

Perform following to update S3 bucket public access :

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to s3 console.

3. In the navigation pane,  select buckets.

4. Click on the bucket to be modified, click permissions.

5. Click Public access settings.

6. Click edit.

7. In Manage public access control lists (ACLs) for this account section, check the box for Block public access to buckets and objects granted through any access control lists (ACLs).

8. Choose Save.

9. When asked for confirmation, enter confirm. Then choose Confirm to save changes.

Important:

• AWS now refers this option as "Block public access to buckets and objects granted through any access control lists (ACLs)".

Reference:

• Configuring block public access settings for your account - Amazon Simple Storage Service