amazon-genomics-cli

Default AGC bucket should remove the possibility of public access

Open markjschreiber opened this issue 1 year ago • 0 comments

Description

The default AGC bucket generated by AGC should have bucket level public access blocks applied so that a user cannot accidentally make a bucket public.

Use Case

Rule: securityhub-s3-bucket-level-public-access-prohibited-4639e4aa

Summary of Rule: This control checks if Amazon S3 buckets have bucket level public access blocks applied. This control fails if any of the bucket level settings are set to "false" public: ignorePublicAcls, blockPublicPolicy, blockPublicAcls, restrictPublicBuckets.

Proposed Solution

Set the following bucket level settings to true for the bucket created by AGC during activation: ignorePublicAcls, blockPublicPolicy, blockPublicAcls, restrictPublicBuckets.

markjschreiber, Oct 17 '22 15:10
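
An offline check for the setting this issue asks for, added here as an example (not AGC's code): it scans a synthesized CloudFormation template for S3 buckets whose four public access block settings are not all true. The PascalCase keys are the CloudFormation property names for the settings listed in the issue; the sample template and its logical IDs are constructed.

```python
# CloudFormation property names for the four settings named in the issue.
REQUIRED = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")


def _is_true(value):
    """CloudFormation accepts a boolean as true or as the string "true"."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def public_access_findings(template):
    """Map each S3 bucket's logical ID to the settings that are not true."""
    # A bucket with no PublicAccessBlockConfiguration fails all four. A value
    # given as an intrinsic function (a dict) cannot be resolved offline, so
    # it is reported rather than assumed safe.
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        block = props.get("PublicAccessBlockConfiguration") or {}
        failing = [name for name in REQUIRED if not _is_true(block.get(name))]
        if failing:
            findings[logical_id] = failing
    return findings


# Constructed sample template (not AGC's real output); logical IDs are made up.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LockedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": "true", "RestrictPublicBuckets": True}}},
        "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": False}}},
        "DefaultBucket": {"Type": "AWS::S3::Bucket"},
        "Topic": {"Type": "AWS::SNS::Topic"},
    }
}

if __name__ == "__main__":
    for bucket, missing in public_access_findings(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: not true -> {', '.join(missing)}")
```

Run against the JSON produced by `cdk synth` (loaded with `json.load`), an empty result means every bucket in the template would pass the bucket level check quoted above.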