S3 Bucket Without Ignore Public ACL

• Query id: 4fa66806-0dd9-4f8d-9480-3174d39c7c91
• Query name: S3 Bucket Without Ignore Public ACL
• Platform: Terraform
• Severity: Low
• Category: Insecure Configurations
• URL: Github

Description

S3 bucket without ignore public ACL
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "aws_s3_bucket" "positive1" {
  bucket = "example"
}

resource "aws_s3_bucket_public_access_block" "positive2" {
  bucket = aws_s3_bucket.example.id

  block_public_acls   = true
  block_public_policy = true
  ignore_public_acls  = false
}

Postitive test num. 2 - tf file

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  version = "3.7.0"

  bucket = "my-s3-bucket"
  acl    = "private"
  ignore_public_acls = false

  versioning = {
    enabled = true
  }
}

Postitive test num. 3 - tf file

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  version = "3.7.0"

  bucket = "my-s3-bucket"
  acl    = "private"

  versioning = {
    enabled = true
  }
}

Postitive test num. 4 - tf file

resource "aws_s3_bucket" "positive1" {
  bucket = "example"
}

resource "aws_s3_bucket_public_access_block" "positive2" {
  bucket = aws_s3_bucket.example.id

  block_public_acls   = true
  block_public_policy = true
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_s3_bucket" "negative1" {
  bucket = "example"
}

resource "aws_s3_bucket_public_access_block" "negative2" {
  bucket = aws_s3_bucket.example.id

  block_public_acls   = true
  block_public_policy = true
  ignore_public_acls  = true
}

Negative test num. 2 - tf file

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  version = "3.7.0"

  bucket = "my-s3-bucket"
  acl    = "private"
  ignore_public_acls  = true

  versioning = {
    enabled = true
  }
}