s3-account-level-public-access-blocks

Checks if the required public access block settings are configured from account level. The rule is only NON_COMPLIANT when the fields set below do not match the corresponding fields in the configuration item.

Note

If you are using this rule, ensure that S3 Block Public Access is enabled. The rule is change-triggered, so it will not be invoked unless S3 Block Public Access is enabled. If S3 Block Public Access is not enabled the rule returns INSUFFICIENT_DATA. This means that you still might have some public buckets. For more information about setting up S3 Block Public Access, see Blocking public access to your Amazon S3 storage.

Identifier: S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS

Resource Types: AWS::S3::AccountPublicAccessBlock

Trigger type: Configuration changes (current status not checked, only evaluated when changes generate new events)

Note

This rule is only triggered by configuration changes for the specific region where the S3 endpoint is located. In all other regions, the rule is checked periodically. If a change was made in another region, there could be a delay before the rule returns NON_COMPLIANT.

AWS Region: All supported AWS regions except US ISO West, Middle East (Bahrain), US ISO East, Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), US ISOB East, Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region

Parameters:

IgnorePublicAcls (Optional)
Type: String
Default: True: IgnorePublicAcls is enforced or not, default True
BlockPublicPolicy (Optional)
Type: String
Default: True: BlockPublicPolicy is enforced or not, default True
BlockPublicAcls (Optional)
Type: String
Default: True: BlockPublicAcls is enforced or not, default True
RestrictPublicBuckets (Optional)
Type: String
Default: True: RestrictPublicBuckets is enforced or not, default True

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

s3-access-point-public-access-blocks

s3-account-level-public-access-blocks-periodic