turbot/aws_compliance

Trigger: Detect & correct S3 buckets with block public access disabled

Detect S3 buckets with block public access disabled, then either skip them or enable block public access on them.

Query

select
  concat(
    bucket.name,
    ' [',
    bucket.account_id,
    '/',
    bucket.region,
    ']'
  ) as title,
  bucket.region,
  bucket.sp_connection_name as conn,
  bucket.name as bucket_name
from
  aws_s3_bucket as bucket,
  aws_s3_account_settings as s3account
where
  s3account.account_id = bucket.account_id
  and not (
    bucket.block_public_acls
    or s3account.block_public_acls
  )
  and not (
    bucket.block_public_policy
    or s3account.block_public_policy
  )
  and not (
    bucket.ignore_public_acls
    or s3account.ignore_public_acls
  )
  and not (
    bucket.restrict_public_buckets
    or s3account.restrict_public_buckets
  );
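The query above treats a Block Public Access setting as in force when either the bucket or the account enables it, and it only flags a bucket when all four settings are off at both levels. The Python below is an added illustration of that evaluation over constructed sample rows, not code from the aws_compliance mod; the `require_all_off=False` variant and the `remediation_config` payload are additions beyond the query, and the bucket and account values are made up.

```python
from dataclasses import dataclass

# The four S3 Block Public Access (BPA) settings the trigger query checks.
BPA_SETTINGS = ("block_public_acls", "block_public_policy",
                "ignore_public_acls", "restrict_public_buckets")

@dataclass(frozen=True)
class Bucket:
    name: str
    account_id: str
    region: str
    settings: dict  # bucket-level BPA flags keyed by BPA_SETTINGS names

def effective_bpa(bucket_settings, account_settings):
    """Account-level BPA overrides bucket-level: a setting is in force if either
    level enables it (the query's `bucket.x or s3account.x`)."""
    return {k: bool(bucket_settings.get(k)) or bool(account_settings.get(k))
            for k in BPA_SETTINGS}

def title_for(bucket):
    """Same title string the query builds: name [account_id/region]."""
    return f"{bucket.name} [{bucket.account_id}/{bucket.region}]"

def find_unblocked_buckets(buckets, accounts, require_all_off=True):
    """Titles of buckets to flag. require_all_off=True mirrors the query: only
    buckets with all four settings off at both levels. False is a stricter
    variant (added here, not in the page's query) that flags any setting off."""
    flagged = []
    for b in buckets:
        eff = effective_bpa(b.settings, accounts.get(b.account_id, {}))
        off = [k for k in BPA_SETTINGS if not eff[k]]
        if off and (len(off) == len(BPA_SETTINGS) or not require_all_off):
            flagged.append(title_for(b))
    return flagged

def remediation_config():
    """PublicAccessBlockConfiguration for s3:PutPublicAccessBlock enabling all four."""
    return {"".join(w.capitalize() for w in k.split("_")): True for k in BPA_SETTINGS}

# Constructed sample rows standing in for aws_s3_account_settings / aws_s3_bucket.
ACCOUNTS = {"111111111111": dict.fromkeys(BPA_SETTINGS, False),
            "222222222222": dict.fromkeys(BPA_SETTINGS, True)}  # account-level BPA on
BUCKETS = [
    Bucket("open-logs", "111111111111", "us-east-1", dict.fromkeys(BPA_SETTINGS, False)),
    Bucket("half-locked", "111111111111", "us-east-1",
           {"block_public_acls": True, "ignore_public_acls": True}),
    Bucket("covered-by-account", "222222222222", "eu-west-1",
           dict.fromkeys(BPA_SETTINGS, False)),
]
```

Note that `half-locked` is not flagged under the query's logic even though two of its four settings are off; pass `require_all_off=False` if you want partially configured buckets reported as well.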

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/S3