
Rule: S3 Public Access Blocked at Account Level

Ensure compliance by blocking S3 public access at the account level.

Rule: S3 public access should be blocked at account level
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description:

This rule checks that the account-level S3 Block Public Access configuration is enabled with all four settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets) set to true. The account-level setting applies to every bucket and access point in the account, including buckets created later, and cannot be overridden by a bucket's own policy or ACL, which is why it is preferred over per-bucket settings. It supports the CISA Cyber Essentials guidance on protecting data: a public bucket policy or ACL left behind by mistake no longer exposes data, which reduces the risk of a data breach from misconfiguration.

Troubleshooting Steps:

If you encounter any issues while implementing this rule, follow these troubleshooting steps:

  1. Verify IAM permissions: Ensure that the IAM user or role applying the setting is allowed to call s3:GetAccountPublicAccessBlock and s3:PutAccountPublicAccessBlock (the account-level API is s3control, not s3api; the bucket-level equivalents are s3:GetBucketPublicAccessBlock and s3:PutBucketPublicAccessBlock). A service control policy (SCP) in AWS Organizations can also deny these calls.
  2. Check bucket policies: Review the bucket policies of all S3 buckets in the account and ensure that there are no Allow statements with a Principal of "*". The account-level setting stops such grants from taking effect but does not remove them, so they will expose data again if the setting is ever disabled.
  3. Examine access control lists (ACLs): Review bucket and object ACLs and confirm there are no grants to the AllUsers or AuthenticatedUsers groups. Setting Object Ownership to "Bucket owner enforced" disables ACLs entirely and removes this class of exposure.
  4. Use AWS Config rules: The managed rule s3-account-level-public-access-blocks evaluates the account-level setting, and s3-bucket-level-public-access-prohibited evaluates each bucket; use them to find the resource that is failing.
  5. Check access points and cross-account access: A bucket can also be reached through an S3 access point with its own policy; BlockPublicPolicy and RestrictPublicBuckets cover access point policies as well. VPC endpoint policies and S3 Gateway Endpoint policies only restrict traffic coming from inside a VPC and cannot make a bucket public, so they are not the cause of a public-access finding.
  6. Review CloudTrail logs: Look for PutAccountPublicAccessBlock and DeleteAccountPublicAccessBlock events (account level) and PutBucketPublicAccessBlock, PutBucketPolicy and PutBucketAcl events (bucket level) to find who changed the configuration and when.

Necessary Codes:

No additional code is required; the setting is a single API call. The AWS CLI commands are given in the remediation steps below, and the same call (PutPublicAccessBlock on the S3Control client) is available in every AWS SDK for automating it across many accounts.

Step-by-Step Guide for Remediation:

  1. Identify the target account: Note the 12-digit AWS account ID (for example from `aws sts get-caller-identity`). The account-level setting covers every bucket and access point in that account, including buckets created later, so no per-bucket inventory is needed. Because it cannot be overridden per bucket, an account that must host a deliberately public bucket (a static website, for instance) cannot pass this rule; move such buckets to a dedicated account.
  2. Block public access: Use the AWS CLI or AWS Management Console to enable the four settings at the account level:

Using AWS CLI:

  • Open the AWS CLI (Command Line Interface) on your local machine, or use AWS CloudShell from the AWS Management Console.

  • Run the following command to block public access for the whole account (note the s3control API, not the per-bucket s3api one):

    aws s3control put-public-access-block --account-id <account-id> --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
    
  • Replace

    <account-id>
    in the above command with the 12-digit ID of the account. The command is run once per account, not once per bucket.

  • If you also want to harden an individual bucket (for example while the account-level setting is still pending approval), the bucket-level form of the same setting is:

    aws s3api put-public-access-block --bucket <bucket-name> --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

Using AWS Management Console:

  • Log in to the AWS Management Console and navigate to the S3 service.
  • In the left navigation pane, choose "Block Public Access settings for this account".
  • Click "Edit" and select "Block all public access". This enables all four underlying settings: Block public access to buckets and objects granted through new access control lists (ACLs), Block public access to buckets and objects granted through any access control lists (ACLs), Block public access to buckets and objects granted through new public bucket or access point policies, and Block public and cross-account access to buckets and objects through any public bucket or access point policies.
  • Click "Save changes" and confirm the change when prompted.
  3. Validate changes: After applying the configuration, confirm that all four flags are true with `aws s3control get-public-access-block --account-id <account-id>`, or re-open the "Block Public Access settings for this account" page in the console. If the call returns NoSuchPublicAccessBlockConfiguration, the setting was never created and public access is not blocked.
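The steps above as one script, added here as an example and not code from Cloud Defense or AWS. It assumes AWS CLI v2 is installed and the caller is allowed to call s3:GetAccountPublicAccessBlock and s3:PutAccountPublicAccessBlock; the function and variable names are this example's own. The checker treats a missing configuration (the API error NoSuchPublicAccessBlockConfiguration) as all four settings missing, which is the case this rule most often catches, and nothing contacts AWS unless the script is run with `--apply`.

```shell
#!/bin/sh
# Added example (not part of the Cloud Defense page or AWS documentation):
# enforce and verify account-level S3 Block Public Access with the AWS CLI.
# Assumes AWS CLI v2 on PATH and credentials allowed to call
# s3:GetAccountPublicAccessBlock / s3:PutAccountPublicAccessBlock.
# Nothing touches AWS unless the script is run with the argument "--apply".
set -eu

# All four flags must be true for the rule to pass.
BPA_FLAGS="BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets"
BPA_CONFIG="BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# Print, one per line, the flags that are not "true" in the JSON returned by
# `aws s3control get-public-access-block`. A missing configuration is passed
# in as '{}' and therefore reports all four flags. grep is used instead of jq
# so the check has no extra dependencies.
missing_settings() {
  json="$1"
  for flag in $BPA_FLAGS; do
    printf '%s' "$json" | grep -Eq "\"$flag\"[[:space:]]*:[[:space:]]*true" || echo "$flag"
  done
}

# Exit status 0 when every flag is true, 1 otherwise.
bpa_compliant() {
  [ -z "$(missing_settings "$1")" ]
}

# Current account-level configuration as JSON; '{}' when none exists yet
# (the CLI exits non-zero with NoSuchPublicAccessBlockConfiguration).
current_bpa() {
  aws s3control get-public-access-block --account-id "$1" --output json 2>/dev/null || echo '{}'
}

# Apply all four settings at account level. Idempotent, safe to re-run.
apply_bpa() {
  aws s3control put-public-access-block --account-id "$1" \
    --public-access-block-configuration "$BPA_CONFIG"
}

# Check the calling account, remediate if needed, then re-check.
enforce() {
  acct="$(aws sts get-caller-identity --query Account --output text)"
  before="$(current_bpa "$acct")"
  if bpa_compliant "$before"; then
    echo "account $acct: already compliant"
    return 0
  fi
  echo "account $acct: missing $(missing_settings "$before" | tr '\n' ' ')"
  apply_bpa "$acct"
  after="$(current_bpa "$acct")"
  if bpa_compliant "$after"; then
    echo "account $acct: compliant"
  else
    # A put that "succeeds" but does not stick usually means an SCP or a
    # competing automation reverted it; look at CloudTrail next.
    echo "account $acct: still non-compliant, check SCPs and CloudTrail" >&2
    return 1
  fi
}

# Constructed sample of a non-compliant API response (not real account
# output), used only to show what the checker reports.
SAMPLE_NONCOMPLIANT='{"PublicAccessBlockConfiguration":{"BlockPublicAcls":true,"IgnorePublicAcls":false,"BlockPublicPolicy":true,"RestrictPublicBuckets":false}}'

case "${1:-}" in
  --apply) enforce ;;
  --demo)  missing_settings "$SAMPLE_NONCOMPLIANT" ;;
esac
```

Run with `--demo` to see the checker report IgnorePublicAcls and RestrictPublicBuckets for the constructed sample, and with `--apply` against real credentials to remediate. To cover every account in an organization, run `enforce` once per account under an assumed role; the setting does not propagate between accounts.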

Conclusion:

By following the above steps, you have enabled S3 Block Public Access at the AWS account level, which satisfies this CISA Cyber Essentials rule. The setting covers all existing and future buckets and access points in the account, but it must be applied in every account separately, and it does not delete public bucket policies or ACLs, it only stops them from granting access. Keep the AWS Config rule and CloudTrail monitoring in place so that any attempt to disable the setting or reintroduce a public policy is detected.
