AWS-S3-bucket-public-policy-block-cross-account-access
Severity: High
Description: This control ensures that bucket level public access setting 'Block public and cross-account access if bucket has public policies' is set to true. The bucket level public access setting 'Block public and cross-account access if bucket has public policies' blocks public and cross-account access to the bucket by overriding existing bucket policy.
Remediation Steps:
Perform the following to update the S3 bucket public and cross-account access setting:
Login to the AWS Management Console at https://console.aws.amazon.com.
Navigate to the S3 console.
In the navigation pane, select Buckets.
Click on the bucket to be modified, click permissions.
Click Public access settings.
Click edit.
In Manage public bucket policies section, check the box for Block public and cross-account access to buckets and objects through any public bucket or access point policies.
Choose Save.
When asked for confirmation, enter confirm. Then choose Confirm to save changes.
Important:
S3 now refers to this option as "Block public and cross-account access to buckets and objects through any public bucket or access point policies".
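The same check and change can be scripted. The following is an added example, not part of the original control text: it assumes Python with boto3, where this console option is the `RestrictPublicBuckets` flag of the bucket's public access block configuration, and the helper names `get_block_config`, `is_compliant` and `remediate` are illustrative. Because `put_public_access_block` replaces the whole configuration, the script reads the other three flags first and writes them back unchanged.

```python
"""Check and remediate the bucket-level RestrictPublicBuckets setting."""

FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")


def get_block_config(s3, bucket):
    """Return the bucket's four public access block flags as booleans.

    A bucket with no configuration makes S3 return the error code
    NoSuchPublicAccessBlockConfiguration; that is treated as all False.
    Any other error (for example access denied) is re-raised.
    """
    try:
        resp = s3.get_public_access_block(Bucket=bucket)
    except Exception as exc:  # botocore ClientError carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchPublicAccessBlockConfiguration":
            raise
        return dict.fromkeys(FLAGS, False)
    cfg = resp.get("PublicAccessBlockConfiguration", {})
    return {flag: bool(cfg.get(flag, False)) for flag in FLAGS}


def is_compliant(s3, bucket):
    """True when the setting this control checks is enabled."""
    return get_block_config(s3, bucket)["RestrictPublicBuckets"]


def remediate(s3, bucket):
    """Enable RestrictPublicBuckets, keeping the other flags as found.

    Returns True if a change was written, False if already compliant.
    """
    cfg = get_block_config(s3, bucket)
    if cfg["RestrictPublicBuckets"]:
        return False
    cfg["RestrictPublicBuckets"] = True
    s3.put_public_access_block(Bucket=bucket,
                               PublicAccessBlockConfiguration=cfg)
    return True


if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials allowed to read and write the setting
    client = boto3.client("s3")
    for name in sys.argv[1:]:  # bucket names given on the command line
        print(name, "remediated" if remediate(client, name) else "already compliant")
```

Run it with one or more bucket names as arguments; buckets that already have the setting enabled are left untouched.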
Reference:
CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.20
Configuring block public access settings for your S3 buckets - Amazon Simple Storage Service
Blue Hexagon Proprietary