AWS-S3-bucket-block-public-acl-and-uploading-public-object

Severity: High

Description: This control ensures that the bucket-level public access setting 'Block new public ACLs and uploading public objects' is set to true. With this setting enabled, a bucket or object ACL cannot be updated to grant public access.

Remediation Steps:

Perform the following steps to enable 'Block new public ACLs and uploading public objects' on an S3 bucket:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the S3 console.

  3. In the navigation pane, select Buckets.

  4. Click on the bucket to be modified, then click Permissions.

  5. Click Public access settings.

  6. Click Edit.

  7. In the Manage public bucket policies section, check the box for Block public access to buckets and objects granted through new access control lists (ACLs).

  8. Choose Save.

  9. When asked for confirmation, enter confirm. Then choose Confirm to save changes.

Important:

  • AWS S3 now refers to this option as "Block public access to buckets and objects granted through new ACLs".
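
The same setting can be applied from a script. The following is an added example, not part of the original control text: it uses the boto3 S3 client calls get_public_access_block and put_public_access_block, and its function names are illustrative. Because the put call replaces the bucket's whole public access block configuration, it reads the current flags first and writes them back with only BlockPublicAcls changed.

```python
# Added example: enable BlockPublicAcls on a bucket without disturbing the
# other three public access block flags. Function names are illustrative.
SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def current_config(s3, bucket):
    """Return the bucket's four public access block flags (all False if unset)."""
    try:
        resp = s3.get_public_access_block(Bucket=bucket)
        found = resp["PublicAccessBlockConfiguration"]
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchPublicAccessBlockConfiguration":
            raise  # access denied, missing bucket, etc. must not be masked
        found = {}
    return {name: bool(found.get(name, False)) for name in SETTINGS}


def enforce_block_public_acls(s3, bucket):
    """Turn BlockPublicAcls on; return True if a change was written."""
    config = current_config(s3, bucket)
    if config["BlockPublicAcls"]:
        return False  # already compliant, nothing to write
    # The put call overwrites the full configuration, so the other three
    # flags are sent back with the values they already had.
    config["BlockPublicAcls"] = True
    s3.put_public_access_block(Bucket=bucket,
                               PublicAccessBlockConfiguration=config)
    return True


if __name__ == "__main__":
    import sys
    import boto3  # requires: pip install boto3, plus AWS credentials

    client = boto3.client("s3")
    for name in sys.argv[1:]:  # bucket names given on the command line
        changed = enforce_block_public_acls(client, name)
        print(f"{name}: {'updated' if changed else 'already compliant'}")
```
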

Reference:

Blue Hexagon Proprietary