
Rule: S3 Public Access Should Be Blocked at Account and Bucket Levels

This rule ensures that S3 public access is restricted at both account and bucket levels

Rule: S3 public access should be blocked at account and bucket levels
Framework: RBI Cyber Security Framework
Severity: Medium

Rule Description: S3 Public Access Block for RBI Cyber Security Framework

This policy ensures that all S3 buckets within an AWS account are configured to block public access at both the account level and bucket level. By following this rule, you can ensure compliance with the Reserve Bank of India (RBI) Cyber Security Framework guidelines and prevent unauthorized access to sensitive data stored in S3 buckets.

Troubleshooting Steps (if required):

  1. Verify that the S3 bucket's Access Control List (ACL) allows only authorized access.
  2. Check if the bucket policy permits access from specified IAM users or roles only.
  3. Review the bucket's CORS (Cross-Origin Resource Sharing) policy to ensure it does not allow public access.
  4. Verify that the bucket has public access settings disabled for all its objects.

Necessary Code (if required):

To apply S3 public access block at the account level, you can use the following AWS CLI command:

aws s3control put-public-access-block --account-id <your_account_id> --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

Step-by-Step Guide for Remediation:

To ensure S3 public access is blocked at the account and bucket levels, follow these steps:

Account Level:

  1. Open the AWS Management Console and navigate to the S3 service.
  2. Select the "Account settings" tab.
  3. Click on "Block Public Access" and choose "Edit".
  4. Enable all four options: "Block all public access", "Block public access to buckets and objects granted through new access control lists (ACLs)", "Block public access to buckets and objects granted through any access control lists (ACLs)", and "Block public access to buckets and objects granted through new public bucket or access point policies".
  5. Click on "Save" to apply the changes.

Bucket Level:

  1. Open the AWS Management Console and navigate to the S3 service.
  2. Select the bucket for which you want to block public access.
  3. Click on the "Permissions" tab.
  4. Go to "Block Public Access" and click on "Edit".
  5. Ensure that all four options are enabled: "Block all public access", "Block public access to buckets and objects granted through new access control lists (ACLs)", "Block public access to buckets and objects granted through any access control lists (ACLs)", and "Block public access to buckets and objects granted through new public bucket or access point policies".
  6. Click on "Save" to apply the changes.

Repeat these steps for all the S3 buckets within your AWS account to ensure complete compliance with the RBI Cyber Security Framework.
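Added example (not part of the original rule page): a small compliance check that evaluates the account-level and bucket-level Block Public Access settings returned by `aws s3control get-public-access-block` and `aws s3api get-public-access-block`. It assumes the JSON shape those commands print, treats a missing configuration (the CLI fails with NoSuchPublicAccessBlockConfiguration) as all four flags off, and applies S3's rule that the more restrictive of the two levels wins; the bucket names and outputs below are constructed sample data.

```python
import json

# The four flags set by put-public-access-block, at either level.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")


def parse_config(cli_output):
    """Parse the JSON printed by get-public-access-block (account or bucket).
    None stands for 'no configuration exists', which S3 treats as all flags off."""
    if cli_output is None:
        return {flag: False for flag in FLAGS}
    cfg = json.loads(cli_output)["PublicAccessBlockConfiguration"]
    return {flag: bool(cfg.get(flag, False)) for flag in FLAGS}


def effective_config(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of account and bucket
    settings, so a flag is effectively on if either level sets it."""
    return {flag: account_cfg[flag] or bucket_cfg[flag] for flag in FLAGS}


def evaluate(account_output, bucket_outputs):
    """Return {bucket_name: [flags not enforced at either level]} for every
    bucket that is not fully blocked; an empty dict means compliant."""
    account_cfg = parse_config(account_output)
    findings = {}
    for bucket, output in bucket_outputs.items():
        effective = effective_config(account_cfg, parse_config(output))
        missing = [flag for flag in FLAGS if not effective[flag]]
        if missing:
            findings[bucket] = missing
    return findings


# Constructed sample data: the account has no configuration at all, one bucket
# is fully blocked, one is partially blocked, one has no configuration.
ACCOUNT_OUTPUT = None
BUCKET_OUTPUTS = {
    "logs-bucket": '{"PublicAccessBlockConfiguration": {"BlockPublicAcls": true, '
                   '"IgnorePublicAcls": true, "BlockPublicPolicy": true, '
                   '"RestrictPublicBuckets": true}}',
    "web-assets": '{"PublicAccessBlockConfiguration": {"BlockPublicAcls": true, '
                  '"IgnorePublicAcls": false, "BlockPublicPolicy": false, '
                  '"RestrictPublicBuckets": false}}',
    "legacy-data": None,
}

if __name__ == "__main__":
    for bucket, missing in evaluate(ACCOUNT_OUTPUT, BUCKET_OUTPUTS).items():
        print(f"{bucket}: public access not blocked -> {', '.join(missing)}")
```

Once the account-level block from the CLI command above is in place, the same buckets evaluate as compliant, which is why applying it at the account level is the quickest way to close every finding at once.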
