Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CC-00266
- credit Snyk Research Team
Description
If a public policy is attached to a bucket and restrict_public_buckets is disabled, anyone will be able to read and/or write to the bucket.
How to fix?
Set the aws_s3_bucket_public_access_block or aws_s3_account_public_access_block restrict_public_buckets field to true.
To enable block public access settings at the bucket level:
Ensure that the aws_s3_bucket is referenced in an aws_s3_bucket_public_access_block
bucketfield and that all of the following aws_s3_bucket_public_access_block fields are set totrue:restrict_public_buckets
To enable block public access settings at the account level:
Ensure that all of the following aws_s3_account_public_access_block fields are set to
true:restrict_public_buckets
Example Configuration
# Enable for a single bucket
resource "aws_s3_bucket" "private" {
acl = "private"
# other required fields here
}
resource "aws_s3_bucket_public_access_block" "private" {
bucket = "${aws_s3_bucket.private.id}"
restrict_public_buckets = true
}
# Enable for an entire AWS account
resource "aws_s3_account_public_access_block" "main" {
restrict_public_buckets = true
}