Vendor services misconfigurations

S3 Bucket not Configured with Public Access Block


Amazon S3 provides Block public access (bucket settings) to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principle with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, Block public access (bucket settings) prevents an individual bucket, and its contained objects, from becoming publicly accessible.
  • Recommended Mitigation

    Make sure your S3 buckets are configured with Block Public Access enabled