
S3 Public Access Block Account Rule

This rule ensures that public access to S3 is blocked at the account level.

Rule: S3 public access should be blocked at account level
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

The rule dictates that public access to Amazon S3 buckets should be blocked at the account level in compliance with the NIST 800-53 Revision 5 security framework. This rule ensures that sensitive data stored in S3 buckets remains protected and is only accessible to authorized individuals.

Troubleshooting Steps (if applicable)

  1. Check the S3 bucket permissions: Verify whether the bucket has any policies or permissions allowing public access.
  2. Review the bucket ACL (Access Control List): Ensure that no buckets or objects carry grants that allow public access.
  3. Examine the bucket policies: Make sure that the bucket policies do not contain any statements allowing public access.
  4. Review other AWS services: Check whether other AWS services, such as AWS CloudFront or AWS Identity and Access Management (IAM), have permissions that might unintentionally grant public access.

Necessary Codes (if applicable)

To implement this rule, you may need to use the AWS Command Line Interface (AWS CLI) or AWS CloudFormation templates.

Step-by-Step Guide for Remediation

Option 1: Using AWS CLI

  1. Install AWS CLI: If you don't have AWS CLI installed, follow the instructions in the AWS CLI User Guide to install it.

  2. List all S3 buckets in your account:

     aws s3 ls

  3. Identify the S3 bucket with public access enabled.

  4. Review the bucket ACL:

     aws s3api get-bucket-acl --bucket BUCKET_NAME

     Replace BUCKET_NAME with the name of the bucket identified in step 3.

  5. Remove public access using bucket ACLs:

     aws s3api put-bucket-acl --bucket BUCKET_NAME --acl private

     Replace BUCKET_NAME with the name of the bucket identified in step 3.

  6. Review the bucket policy:

     aws s3api get-bucket-policy --bucket BUCKET_NAME

     Replace BUCKET_NAME with the name of the bucket identified in step 3.

  7. Remove public access using bucket policies:

     aws s3api delete-bucket-policy --bucket BUCKET_NAME

     Replace BUCKET_NAME with the name of the bucket identified in step 3.

  8. Repeat steps 3-7 for all S3 buckets in your account.
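The troubleshooting steps above and steps 4 to 7 of this option both come down to reading three JSON documents and deciding whether anything in them grants public access. The script below is an added example, not Cloud Defense's own code: it evaluates, offline, output in the shapes returned by aws s3api get-bucket-acl, aws s3api get-bucket-policy and the account-level aws s3control get-public-access-block --account-id call (the account-level check that the rule title refers to but the steps do not show). All sample documents in it are constructed for illustration; the account ID, bucket name and owner ID are placeholders.

```python
"""Offline audit of the S3 public-access checks described on this page.

Added example (not Cloud Defense's own code). It parses JSON in the shapes
returned by `aws s3api get-bucket-acl`, `aws s3api get-bucket-policy` and
the account-level `aws s3control get-public-access-block`. All sample
documents below are constructed for illustration, not captured output.
"""
import json

# Grantee URIs that make an ACL grant readable by everyone / by any AWS account.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# All four flags must be true for the account-level block to be complete.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def missing_account_block_flags(pab_json):
    """Return the PublicAccessBlock flags that are not true for the account."""
    cfg = json.loads(pab_json).get("PublicAccessBlockConfiguration", {})
    return [flag for flag in PAB_FLAGS if cfg.get(flag) is not True]


def public_acl_grants(acl_json):
    """Return (grantee URI, permission) for every grant to a public group."""
    result = []
    for grant in json.loads(acl_json).get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            result.append((grantee["URI"], grant.get("Permission")))
    return result


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return the Sid (or a positional label) of each Allow statement with a
    wildcard principal. Conditions are deliberately ignored, so this is
    stricter than the AWS console's own "public" determination: every
    wildcard Allow is reported for review rather than silently accepted."""
    doc = json.loads(json.loads(policy_json)["Policy"])  # "Policy" is a JSON string
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # single-statement policies may omit the list
        statements = [statements]
    return [
        st.get("Sid", f"statement-{i}")
        for i, st in enumerate(statements)
        if st.get("Effect") == "Allow" and _wildcard_principal(st.get("Principal"))
    ]


def audit(pab_json, acl_json, policy_json):
    """Collect findings; an empty dict means nothing is left to remediate."""
    findings = {}
    flags = missing_account_block_flags(pab_json)
    if flags:
        findings["account_block_flags_missing"] = flags
    grants = public_acl_grants(acl_json)
    if grants:
        findings["public_acl_grants"] = grants
    statements = public_policy_statements(policy_json)
    if statements:
        findings["public_policy_statements"] = statements
    return findings


# Constructed samples: a half-configured account block, a bucket ACL with a
# world-readable grant, and a policy mixing one public and one scoped statement.
SAMPLE_ACCOUNT_PAB = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": False,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": False}})
SAMPLE_COMPLIANT_PAB = json.dumps({"PublicAccessBlockConfiguration":
                                   {flag: True for flag in PAB_FLAGS}})
SAMPLE_ACL = json.dumps({
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]})
SAMPLE_POLICY = json.dumps({"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "UploaderWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/Uploader"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ]})})

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ACCOUNT_PAB, SAMPLE_ACL, SAMPLE_POLICY), indent=2))
```

Against a real account, feed the script the saved output of the three CLI calls instead of the samples. Two points this makes visible that the steps above do not: step 7 (delete-bucket-policy) removes every statement, including ones like UploaderWrite that legitimate workloads depend on, so identifying the public statement by Sid and editing the policy is usually the safer fix; and the bucket-level ACL and policy fixes do not by themselves satisfy the account-level rule, which is met only when all four PublicAccessBlock flags are true, set with aws s3control put-public-access-block --account-id ACCOUNT_ID --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true.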

Option 2: Using AWS CloudFormation

  1. Create an AWS CloudFormation template to define the desired bucket configurations. Ensure that the desired state blocks public access.

  2. Deploy the CloudFormation stack using the AWS Management Console, AWS CLI, or AWS SDK.

  3. Monitor the CloudFormation deployment to ensure successful provisioning of resources.

  4. Validate the S3 buckets to confirm public access is blocked.

  5. Repeat steps 1-4 for any additional S3 buckets in your account.

By following the above steps, you will block public access to your S3 buckets at the account level, aligning with the requirements of NIST 800-53 Revision 5.
