AWS-020 Amazon Web Services (AWS)

S3 Block Public Access is enabled at the account level.

Domain: Amazon Web Services (AWS)
Area: Data Protection
Automated / manual: Automated

Risk if it fails

Public buckets are the #1 cause of cloud data leaks.

A single misconfigured bucket can publish millions of private records to the open web, indexed by search engines and downloaded by anyone.

How Tess tests it

1 test — each concludes only on cited evidence.

S3 Block Public Access is enabled at the account level.

Automated
Procedure
Confirm all four account-level block settings are true.

Read-only command

aws s3control get-public-access-block --account-id <acct-id>
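
One way to turn the output of the read-only command above into a verdict, shown as an added example (not Tess's own test logic). The function names, the PASS/FAIL/ERROR labels and the sample inputs are assumptions constructed for illustration; the four setting names and the `NoSuchPublicAccessBlockConfiguration` error code are the ones the S3 Control API returns.

```python
import json
import subprocess

# The four keys under PublicAccessBlockConfiguration in the command's JSON output.
REQUIRED = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")
NOT_CONFIGURED = "NoSuchPublicAccessBlockConfiguration"

# Constructed sample evidence (not captured from a real account).
SAMPLE_OK = json.dumps(
    {"PublicAccessBlockConfiguration": dict.fromkeys(REQUIRED, True)})
SAMPLE_PARTIAL = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False}})  # one setting false, one key missing
SAMPLE_UNSET_ERR = ("An error occurred (NoSuchPublicAccessBlockConfiguration) "
                    "when calling the GetPublicAccessBlock operation")


def evaluate(stdout, stderr="", returncode=0):
    """Return (verdict, findings) for one run of the read-only command."""
    if returncode != 0:
        if NOT_CONFIGURED in stderr:
            # Nothing was ever set at account level, so nothing is blocked.
            return "FAIL", ["no account-level configuration exists"]
        # Access denied, wrong account id, throttling: no evidence either way.
        return "ERROR", [stderr.strip() or "command failed"]
    try:
        cfg = json.loads(stdout)["PublicAccessBlockConfiguration"]
        if not isinstance(cfg, dict):
            raise TypeError("configuration is not an object")
    except (ValueError, KeyError, TypeError):
        return "ERROR", ["output is not the expected JSON document"]
    # Strict identity check: a missing key or the string "true" does not pass.
    bad = [k for k in REQUIRED if cfg.get(k) is not True]
    return ("FAIL" if bad else "PASS"), bad


def check_account(account_id):
    """Run the page's read-only command and evaluate what it returned."""
    proc = subprocess.run(
        ["aws", "s3control", "get-public-access-block",
         "--account-id", account_id, "--output", "json"],
        capture_output=True, text=True)
    return evaluate(proc.stdout, proc.stderr, proc.returncode)


if __name__ == "__main__":
    # 254 is a constructed exit status; only "non-zero" matters to evaluate().
    for name, args in [("ok", (SAMPLE_OK,)), ("partial", (SAMPLE_PARTIAL,)),
                       ("unset", ("", SAMPLE_UNSET_ERR, 254))]:
        print(name, evaluate(*args))
```

Separating ERROR from FAIL keeps a permissions problem on the auditing role from being recorded as either a pass or a finding.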
