This rule ensures that S3 public access is blocked at the bucket level.

| Rule | S3 public access should be blocked at the bucket level |
| --- | --- |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ High |
Rule Description:
According to the FedRAMP Low Revision 4 security standards, it is required to block public access at the bucket level for Amazon S3 (Simple Storage Service). This rule aims to prevent unauthorized access to sensitive data stored in S3 buckets and ensure compliance with security regulations.
Troubleshooting Steps (if necessary):
If any issues occur while implementing or verifying the rule, the following troubleshooting steps can be taken:
Necessary Codes (if applicable):
To block public access at the bucket level in Amazon S3, the following bucket policy can be applied:

```json
{
  "Version": "2012-10-17",
  "Id": "BlockPublicAccessPolicy",
  "Statement": [
    {
      "Sid": "BlockPublicAcl",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::(bucket-name)"
    },
    {
      "Sid": "BlockPublicPolicy",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetBucketPolicy",
      "Resource": "arn:aws:s3:::(bucket-name)"
    },
    {
      "Sid": "BlockPublicObject",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::(bucket-name)/*"
    }
  ]
}
```
Replace `(bucket-name)` in the above policy with the actual name of the S3 bucket. Note that a `Deny` statement with `"Principal": "*"` and no `Condition` applies to every principal, including the IAM users and roles of the bucket owner's own account, not only to anonymous requests; the bucket-level control this rule evaluates is the S3 Block Public Access configuration (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets), which should be enabled on the bucket regardless of the policy.
Step-by-Step Guide for Remediation:
To block public access at the bucket level in Amazon S3, follow these steps:
After following these steps, the S3 bucket will have public access blocked at the bucket level, thus complying with the FedRAMP Low Revision 4 security requirement.
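The following script is an added example and is not part of the original rule page or of any vendor tooling. It shows how the rule's condition can be verified offline: it evaluates a bucket's Block Public Access configuration in the dict shape that boto3's `s3.get_public_access_block()` returns, reports any Allow statements in a bucket policy that are open to every principal, and also reports unconditional Deny-all statements such as those in the policy above (which lock out the account's own principals). All inputs below are constructed samples; in practice the dicts come from the S3 API.

```python
"""Offline checks for 'S3 public access should be blocked at the bucket level'.

Added example, not from the original page. Inputs are constructed samples in the
shape returned by boto3 (get_public_access_block / get_bucket_policy).
"""
import json

# All four Block Public Access settings must be True for bucket-level compliance.
REQUIRED_BLOCK_SETTINGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def public_access_block_compliant(response: dict) -> tuple:
    """Return (compliant, [settings that are missing or False])."""
    cfg = response.get("PublicAccessBlockConfiguration", {})
    failing = [k for k in REQUIRED_BLOCK_SETTINGS if not cfg.get(k, False)]
    return (not failing, failing)


def _principal_is_everyone(principal) -> bool:
    """True when a Principal element names everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def _statements(policy_json: str) -> list:
    """Normalise the Statement element, which may be a single object or a list."""
    statements = json.loads(policy_json).get("Statement", [])
    return [statements] if isinstance(statements, dict) else statements


def public_allow_statements(policy_json: str) -> list:
    """Sids of Allow statements granted to everyone with no Condition.

    S3's own 'public' determination also flags many conditioned grants, so
    treat this as a lower bound, not a complete public-access check.
    """
    return [
        st.get("Sid", f"statement-{i}")
        for i, st in enumerate(_statements(policy_json))
        if st.get("Effect") == "Allow"
        and _principal_is_everyone(st.get("Principal"))
        and not st.get("Condition")
    ]


def unconditional_deny_all(policy_json: str) -> list:
    """Sids of Deny statements that apply to every principal, anonymous or not."""
    return [
        st.get("Sid", f"statement-{i}")
        for i, st in enumerate(_statements(policy_json))
        if st.get("Effect") == "Deny"
        and _principal_is_everyone(st.get("Principal"))
        and not st.get("Condition")
    ]


def evaluate_bucket(block_response: dict, policy_json: str) -> dict:
    """Combine the checks; the verdict follows the Block Public Access settings."""
    compliant, missing = public_access_block_compliant(block_response)
    return {
        "verdict": "COMPLIANT" if compliant else "NON_COMPLIANT",
        "missing_block_settings": missing,
        "public_allow_sids": public_allow_statements(policy_json),
        "deny_all_sids": unconditional_deny_all(policy_json),
    }


# Constructed samples (not real buckets or accounts).
COMPLIANT_BLOCK = {"PublicAccessBlockConfiguration": {k: True for k in REQUIRED_BLOCK_SETTINGS}}
NONCOMPLIANT_BLOCK = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}

PUBLIC_READ_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

# Same shape as the Deny policy shown on this page, with a placeholder bucket name.
PAGE_STYLE_DENY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "BlockPublicAcl", "Effect": "Deny", "Principal": "*",
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "BlockPublicObject", "Effect": "Deny", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(json.dumps(evaluate_bucket(NONCOMPLIANT_BLOCK, PUBLIC_READ_POLICY), indent=2))
    print(json.dumps(evaluate_bucket(COMPLIANT_BLOCK, PAGE_STYLE_DENY_POLICY), indent=2))
```

The verdict is driven by the four Block Public Access settings because that is what the bucket-level rule checks; the policy findings are supporting evidence, showing either a public grant that the settings would neutralise or a Deny-all that will also affect legitimate principals.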