This rule ensures that S3 public access is blocked at the account level to maintain data security.
| Field | Value |
| --- | --- |
| Rule | S3 public access should be blocked at account level |
| Framework | NIST 800-53 Revision 5 |
| Severity | Medium |
Description of the Rule
The rule states that for compliance with NIST 800-53 Revision 5, all public access to S3 buckets should be blocked at the account level. This ensures that any sensitive data stored in S3 buckets is not accessible to unauthorized users.
Troubleshooting Steps
If you encounter any issues while implementing this rule, please follow the troubleshooting steps below:
Necessary Code
Below is an example of a policy that can be used to block public access to S3 buckets at the account level. Note that the statement shown denies every S3 action when the request is not made over TLS (`aws:SecureTransport` is `false`); it hardens transport, but it is not the account-level Public Access Block setting itself, which is configured separately through the S3 account settings (the S3 Control `PutPublicAccessBlock` operation).
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}
```
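The account-level control the rule actually asks for is the S3 Public Access Block, which has four settings that must all be enabled. The following Python is an added example, not part of the original rule text: it evaluates a `PublicAccessBlockConfiguration` for compliance and, when asked, applies the compliant configuration through boto3's `s3control` client (`get_public_access_block` / `put_public_access_block` are the real API operations). The account id `123456789012` is a placeholder and the sample responses are constructed for illustration.

```python
"""Check and remediate the account-level S3 Public Access Block.

Added example, not part of the original rule page. The four flags below are
the real S3 Public Access Block settings. The account id and the sample API
responses are constructed for illustration.
"""

# All four settings must be enabled for the account to be compliant.
REQUIRED_SETTINGS = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def find_gaps(config):
    """Return the names of settings that are missing or disabled.

    `config` is the PublicAccessBlockConfiguration dict returned by the API,
    or an empty dict when the account has no configuration at all (the API
    raises NoSuchPublicAccessBlockConfiguration in that case).
    """
    return sorted(
        name for name, wanted in REQUIRED_SETTINGS.items()
        if config.get(name) is not wanted
    )


def is_compliant(config):
    """True only when every required setting is present and enabled."""
    return not find_gaps(config)


def get_account_config(account_id, client=None):
    """Fetch the account's configuration; {} means none is set at all."""
    if client is None:
        import boto3  # imported lazily so the pure checks run without it
        client = boto3.client("s3control")
    try:
        resp = client.get_public_access_block(AccountId=account_id)
    except client.exceptions.NoSuchPublicAccessBlockConfiguration:
        return {}
    return resp["PublicAccessBlockConfiguration"]


def remediate(account_id, client=None):
    """Enable all four settings at the account level; returns what was applied."""
    if client is None:
        import boto3
        client = boto3.client("s3control")
    applied = dict(REQUIRED_SETTINGS)
    client.put_public_access_block(
        AccountId=account_id,
        PublicAccessBlockConfiguration=applied,
    )
    return applied


# Constructed sample responses, shaped as the API returns them.
SAMPLE_PARTIAL = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": False,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": False,
}
SAMPLE_FULL = dict(REQUIRED_SETTINGS)


if __name__ == "__main__":
    account_id = "123456789012"  # placeholder account id
    # Offline dry run over the constructed samples.
    for label, cfg in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL), ("none", {})):
        print(label, "gaps:", find_gaps(cfg))
    # A live run would be:
    #   if find_gaps(get_account_config(account_id)):
    #       remediate(account_id)
```

The same remediation from the AWS CLI is `aws s3control put-public-access-block --account-id <ACCOUNT_ID> --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true`, and `aws s3control get-public-access-block --account-id <ACCOUNT_ID>` verifies the result. Treating a missing configuration as four gaps (rather than as an error) matters for detection: an account that has never had the block set is just as exposed as one where every flag is false.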
Step-by-Step Guide for Remediation
Please follow the step-by-step guide below to remediate the issue and block public access to S3 buckets at the account level:
By following these steps, you will successfully block public access to S3 buckets at the account level, in line with the NIST 800-53 Revision 5 compliance requirements.