
Rule: S3 Public Access Blocked at Bucket Level

This rule checks that the S3 Block Public Access settings are enabled at the bucket level, so that neither ACLs nor bucket policies can expose the bucket or its objects to the public.

Rule: S3 public access should be blocked at bucket level
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

This rule requires that public access to an S3 bucket and its objects be blocked at the bucket level using the S3 Block Public Access feature; all four of its settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets) must be enabled. The check supports the NIST 800-53 Revision 5 controls that protect the confidentiality, integrity, and availability of data stored in S3. Two caveats: Block Public Access overrides existing public ACL grants and policy statements rather than removing them, so those should still be cleaned up, and an account-level Block Public Access setting also covers the bucket, but this rule evaluates the bucket's own configuration.

Troubleshooting Steps:

  • Check whether the bucket has a Block Public Access configuration and whether all four settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets) are enabled; a bucket with no bucket-level configuration at all is also non-compliant.
  • Review the bucket policy for Allow statements whose Principal is "*" (or {"AWS": "*"}) without a restricting Condition, and the bucket ACL for grants to the AllUsers ("Everyone") or AuthenticatedUsers ("Any authenticated AWS user") groups; both groups count as public.
  • Check whether static website hosting is enabled; a website endpoint only serves content that is publicly readable, so it is usually accompanied by a public bucket policy.
  • Confirm that no object ACLs grant access to those groups either; with BlockPublicAcls and IgnorePublicAcls enabled, such grants are rejected on write and ignored on read.

Code Example:

To enable all four Block Public Access settings at the bucket level, run the following AWS CLI command (it replaces any existing bucket-level configuration):

aws s3api put-public-access-block --bucket your-bucket-name --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

Remediation Steps:

Follow the steps below to remediate the S3 bucket and block public access at the bucket level:

  1. Identify the S3 bucket(s) that need public access blocked.
  2. Decide whether to use the AWS CLI or the AWS Management Console.
  3. If using the AWS CLI, run the command from the Code Example, replacing "your-bucket-name" with the name of the relevant S3 bucket.
  4. If using the AWS Management Console, navigate to the S3 service.
  5. Select the targeted S3 bucket.
  6. Click on the "Permissions" tab.
  7. Under "Block public access (bucket settings)", choose Edit, select "Block all public access", and save.
  8. Review the bucket policy and ACL and remove any public grants that remain, since Block Public Access only neutralizes them:
     • Delete or rewrite bucket policy statements that allow access to Principal "*" without a restricting Condition.
     • Remove ACL grants to the AllUsers and AuthenticatedUsers groups (ACLs cannot express a deny; public access is removed by deleting the grant).
  9. Ensure that static website hosting is disabled unless the bucket is intentionally public, in which case it cannot satisfy this rule.
  10. Test the result: re-read the bucket's Block Public Access configuration and confirm all four settings are true, check that the bucket's policy status no longer reports it as public, and confirm that an unauthenticated request for an object is refused.

By following these steps, you will effectively block public access at the bucket level for NIST 800-53 Revision 5 compliance.
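The troubleshooting and remediation steps above can be scripted. The following is an added example written for this page, not Cloud Defense's own checker: the pure functions evaluate dicts shaped like the s3api responses (GetPublicAccessBlock, GetBucketAcl, GetBucketPolicy) and run offline on the constructed samples at the bottom; only audit_bucket() and remediate_bucket() call AWS, via boto3, and need credentials and a real bucket name. The bucket, owner and VPC endpoint identifiers in the samples are made up, and the "wildcard Principal with no Condition" test is a simplification of how AWS decides a policy is public.

```python
"""Audit an S3 bucket for public access and, if asked, remediate it.
Added example for this page (not Cloud Defense's checker). Pure functions take
dicts shaped like s3api responses; only audit_bucket()/remediate_bucket() call AWS."""
import json

PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",            # "Everyone"
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account
}
BLOCK_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_block_settings(pab):
    """Settings not enabled in a PublicAccessBlockConfiguration (None = unset)."""
    if not pab:
        return list(BLOCK_SETTINGS)
    return [k for k in BLOCK_SETTINGS if not pab.get(k, False)]

def public_acl_grants(acl):
    """(grantee URI, permission) pairs granted to the public ACL groups."""
    return [(g["Grantee"]["URI"], g.get("Permission")) for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS]

def _wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def public_policy_statements(policy_json):
    """Allow statements with a wildcard Principal and no Condition. Conditioned
    wildcards are left for manual review; some condition keys keep a policy non-public."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    return [s for s in statements if s.get("Effect") == "Allow"
            and _wildcard_principal(s.get("Principal")) and not s.get("Condition")]

def evaluate(pab, acl, policy_json):
    """Rule verdict plus the underlying grants that Block Public Access only hides."""
    missing = missing_block_settings(pab)
    return {
        "compliant": not missing,  # the rule itself: all four settings enabled
        "missing_block_settings": missing,
        "public_acl_grants": public_acl_grants(acl),
        "public_policy_sids": [s.get("Sid", "<no Sid>")
                               for s in public_policy_statements(policy_json)],
    }

def audit_bucket(bucket, s3=None):
    """Fetch the live configuration and evaluate it (needs AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = s3 or boto3.client("s3")
    try:
        pab = s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except ClientError as e:  # no bucket-level configuration at all
        if e.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
            raise
        pab = None
    try:
        policy = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except ClientError as e:
        if e.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        policy = None
    return evaluate(pab, s3.get_bucket_acl(Bucket=bucket), policy)

def remediate_bucket(bucket, s3=None):
    """Enable all four settings, then re-read rather than trust the write."""
    import boto3
    s3 = s3 or boto3.client("s3")
    s3.put_public_access_block(
        Bucket=bucket, PublicAccessBlockConfiguration={k: True for k in BLOCK_SETTINGS})
    return audit_bucket(bucket, s3)

# Constructed samples shaped like the s3api responses; bucket, owner and VPCE are made up.
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": False}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_PAB, SAMPLE_ACL, SAMPLE_POLICY), indent=2))
```

Run as-is, the script reports the sample bucket as non-compliant (two settings off) and lists the public ACL grant and the unconditioned wildcard policy statement; the conditioned "VpceOnly" statement is deliberately not flagged so that a human reviews it. remediate_bucket() re-reads the configuration after the write because a PUT that succeeds is not proof that the bucket is no longer public: the public grants it reports still exist and should be removed as in step 8.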
