Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CC-00280
- credit Snyk Research Team
Description
If a public ACL is attached to the bucket, anyone will be able to read and/or write to the bucket.
How to fix?
Set the aws_s3_bucket_public_access_block
or aws_s3_account_public_access_block
ignore_public_acls
field to true
.
To enable block public access settings at the bucket level:
Ensure that the aws_s3_bucket is referenced in an aws_s3_bucket_public_access_block
bucket
field and that all of the following aws_s3_bucket_public_access_block fields are set totrue
:ignore_public_acls
To enable block public access settings at the account level:
Ensure that all of the following aws_s3_account_public_access_block fields are set to
true
:ignore_public_acls
Example Configuration
# Enable for a single bucket
resource "aws_s3_bucket" "private" {
acl = "private"
# other required fields here
}
resource "aws_s3_bucket_public_access_block" "private" {
bucket = "${aws_s3_bucket.private.id}"
ignore_public_acls = true
}
# Enable for an entire AWS account
resource "aws_s3_account_public_access_block" "main" {
ignore_public_acls = true
}