Objective: Create an S3 bucket that allows public access (non-compliant), flag it with AWS Config, then fix it.
Step 1: Create a Non-Compliant S3 Bucket
Log into the AWS Management Console and open S3.
On the S3 console, click Create bucket.
Enter a name for the bucket (here, digitalwitchbucket).
Uncheck Block all public access and acknowledge the warning that appears.
Leave everything else at its default and click Create bucket. We now have an S3 bucket that allows public access, which is non-compliant.
Step 2: Enable AWS Config Rule
Go to AWS Config, click Rules, and select Add rule.
Search for the managed rule s3-bucket-level-public-access-prohibited and add it.
Give AWS Config a moment to evaluate; the bucket should then be reported as Noncompliant.
Step 3: Fix the Non-Compliance
To fix the non-compliance, go back to S3 and select the bucket we created.
Click Permissions, and under Block public access (bucket settings), click Edit.
Turn on all four block options.
Finally, save changes. The bucket now blocks all public access, and the AWS Config rule will mark it as Compliant on its next evaluation.
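The same check and fix as Steps 2 and 3, done through the API instead of the console, as an added example that is not part of the original tutorial. The four console toggles correspond to the four fields of the bucket's PublicAccessBlockConfiguration (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets), and the rule is satisfied only when all four are on; FakeS3 is a constructed offline stand-in with the boto3 S3 method shapes, so pass boto3.client("s3") instead to run this against a real account.

```python
# Added example, not from the tutorial. FakeS3 is a constructed offline stand-in;
# pass boto3.client("s3") instead to check and fix a real bucket.

# The four bucket-level Block Public Access settings the Config rule requires.
REQUIRED_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                     "BlockPublicPolicy", "RestrictPublicBuckets")

def is_compliant(config):
    """Compliant only when every one of the four settings is explicitly True."""
    return all(config.get(key) is True for key in REQUIRED_SETTINGS)

def get_block_config(s3, bucket):
    """Return the bucket's PublicAccessBlockConfiguration, or {} when none is set.
    A bucket created with 'Block all public access' unchecked has no configuration
    at all, which S3 reports as NoSuchPublicAccessBlockConfiguration."""
    try:
        return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except Exception as exc:  # botocore.exceptions.ClientError against real AWS
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchPublicAccessBlockConfiguration":
            return {}
        raise

def evaluate(s3, bucket):
    """Report the bucket the way AWS Config would: COMPLIANT or NON_COMPLIANT."""
    return "COMPLIANT" if is_compliant(get_block_config(s3, bucket)) else "NON_COMPLIANT"

def remediate(s3, bucket):
    """Turn on all four settings (Step 3 in the console); returns the resulting config."""
    if not is_compliant(get_block_config(s3, bucket)):
        s3.put_public_access_block(Bucket=bucket,
            PublicAccessBlockConfiguration=dict.fromkeys(REQUIRED_SETTINGS, True))
    return get_block_config(s3, bucket)

class _FakeClientError(Exception):
    def __init__(self, code):  # mimics the .response layout of botocore's ClientError
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed offline stand-in exposing the two boto3 S3 methods used above."""
    def __init__(self):
        self.configs = {}  # bucket name -> PublicAccessBlockConfiguration
    def get_public_access_block(self, Bucket):
        if Bucket not in self.configs:
            raise _FakeClientError("NoSuchPublicAccessBlockConfiguration")
        return {"PublicAccessBlockConfiguration": dict(self.configs[Bucket])}
    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.configs[Bucket] = dict(PublicAccessBlockConfiguration)
```

A bucket with only three of the four settings enabled is still reported as NON_COMPLIANT, which is why remediate() always writes all four.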