Testing our enforcement of No Public Access

  1. Go to Amazon S3 Console and find the bucket created by your AWS CloudFormation template.

  2. Check what our Amazon S3 Public Bucket Access Settings are set to; they should be off.

    s3blockpublic.png

  3. Go to the Amazon S3 Bucket that was created when deploying the lab, and set the Access Control List option to public for reads.

    s3everyone.png

  4. You can wait after setting the bucket to public, or go to our Config rule for s3-bucket-public-read-prohibited and re-evaluate the rule. Refresh the screen and make sure the bucket comes up as Noncompliant.

  5. Go back to the Amazon S3 Bucket and review the Public Access settings. Did the setting change? Did you get an e-mail?

  6. Update the PublicApp Tag from no to yes, reset Public Access Settings back to off and save. After that, set the Public Access Settings to on again. What happens with the e-mail notification that you receive?

    s3tags.png
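
The state inspected in steps 2, 4, 5 and 6 can also be read back with boto3 and recorded before and after each change. This is an added example, not part of the lab's own code; it only reads state, and it assumes boto3, credentials for the lab account, and the bucket name passed on the command line.

```python
# Added example: read-only snapshot of the state the lab steps inspect.
# s3 and config are boto3 clients: boto3.client("s3"), boto3.client("config").
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
RULE = "s3-bucket-public-read-prohibited"  # Config rule named in step 4
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def error_code(exc):
    """Return the AWS error code carried by a botocore ClientError, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def snapshot(s3, config, bucket):
    """Collect Block Public Access, ACL, tag and Config state for one bucket."""
    try:
        bpa = s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except Exception as exc:
        # A bucket that never had the setting configured raises this code.
        if error_code(exc) != "NoSuchPublicAccessBlockConfiguration":
            raise
        bpa = {}
    try:
        tags = {t["Key"]: t["Value"] for t in s3.get_bucket_tagging(Bucket=bucket)["TagSet"]}
    except Exception as exc:
        if error_code(exc) != "NoSuchTagSet":  # bucket has no tags at all
            raise
        tags = {}
    grants = s3.get_bucket_acl(Bucket=bucket)["Grants"]
    public_read = any(g["Grantee"].get("URI") == ALL_USERS
                      and g["Permission"] in ("READ", "FULL_CONTROL") for g in grants)
    # Only the first page of results is read, which is enough for a lab account.
    results = config.get_compliance_details_by_config_rule(ConfigRuleName=RULE)["EvaluationResults"]
    compliance = None  # None means the rule has no evaluation for this bucket yet
    for r in results:
        q = r["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        if q["ResourceId"] == bucket:
            compliance = r["ComplianceType"]
    return {
        "block_public_access_on": all(bpa.get(k, False) for k in BPA_KEYS),
        "acl_public_read": public_read,
        "config_compliance": compliance,
        "public_app_tag": tags.get("PublicApp"),
    }


if __name__ == "__main__":
    import sys, boto3  # assumption: boto3 installed, lab credentials configured
    print(snapshot(boto3.client("s3"), boto3.client("config"), sys.argv[1]))
```

Run it after step 3, after step 4 and after each change in step 6, and compare the snapshots with what the console and the e-mail notifications show.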