Securing Your AWS S3 Buckets: Enforcing Block Public Access with Terragrunt Automation and Step-by-Step Manual Guide

Overview:-

S3 Block Public Access is an Amazon S3 feature that prevents buckets and objects from being made public through ACLs or bucket policies, whether by mistake or on purpose. It has four settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets), can be applied at the account level or per bucket, and can be configured from the AWS Management Console, the CLI, or the API. Since April 2023 AWS enables all four settings on newly created buckets by default, but buckets created earlier, or buckets where the settings were relaxed afterwards, may still allow public access, so you should enforce the setting explicitly and verify it rather than rely on the default.

Prerequisites:-

  1. Terraform and Terragrunt installed on your local machine (Terragrunt is a wrapper and needs a Terraform binary).

  2. An AWS account with credentials that are allowed to create S3 buckets and to read and write the remote-state bucket and lock table.

  3. An S3 bucket for Terraform state and a DynamoDB table for state locking (partition key LockID, type String) already created in your AWS account.

Step-1 :- Create a folder named s3-policy on your desktop. Inside the s3-policy folder create a file named terragrunt.hcl and paste the code below, then replace the bucket, dynamodb_table and region values with your own details. This file only configures the remote state backend; the state bucket should itself have Block Public Access enabled and versioning turned on, because Terraform state can contain sensitive values.

# Create the S3 bucket and DynamoDB table that will hold the Terraform state
# before running Terragrunt, then put their names in the bucket and
# dynamodb_table values below.

remote_state {
  backend = "s3"
  config = {
    bucket         = "YOUR-TERRAGRUNT-S3-BUCKET-NAME"
    key            = "${path_relative_to_include()}/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "YOUR-DYNAMODB-TABLE"
  }
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }
}

Step-2 :- Inside the s3-policy folder create another folder named s3, and inside it a file named terragrunt.hcl. Copy the code below into that file.

# terragrunt.hcl (s3-policy/s3)

terraform {
  # Terragrunt reaches Terraform Registry modules through its tfr:// protocol;
  # the bare registry path is not a valid Terragrunt source. Pin the version
  # so a later module release cannot silently change the bucket configuration.
  source = "tfr:///terraform-aws-modules/s3-bucket/aws?version=3.15.1"
}

include {
  path = find_in_parent_folders()
}

inputs = {
  # The module's variable is "bucket". Bucket names are global across all
  # AWS accounts, so choose a name nobody else is using.
  bucket = "YOUR-UNIQUE-BUCKET-NAME"

  # All four Block Public Access settings, enforced at the bucket level.
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

Open a terminal, navigate to the s3 directory and configure your AWS credentials. Run terragrunt init to initialise the module and the backend, then terragrunt plan and check that the plan contains an aws_s3_bucket_public_access_block resource with all four settings set to true, and finally terragrunt apply.

Step-3 :- After the apply completes, sign in to your AWS account and confirm that the bucket created by Terragrunt shows "Block all public access" as On.
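The console check in Step-3 is easy to forget and hard to repeat across many buckets, so here is an added example (not from the original post or its repository) that does the same verification from the AWS CLI, checks and enforces the account-level setting the overview mentions, and treats a bucket with no configuration at all as exposed. It assumes the AWS CLI is installed and credentials are configured; the script name, function names and output format are my own.

```shell
#!/bin/sh
# Added example (not part of the original post): audit and enforce S3 Block
# Public Access from the AWS CLI. Assumes the AWS CLI and credentials are set up.
#   sh pab-audit.sh bucket-a bucket-b            # audit account + listed buckets
#   sh pab-audit.sh --enforce bucket-a bucket-b  # enforce account level first
set -e

# JMESPath query that reduces either API response to the four flags, in a fixed order.
PAB_QUERY='PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]'

# pab_all_enabled "True True True True" -> exit status 0 (compliant).
# A False, fewer than four values, or empty input -> exit status 1.
pab_all_enabled() {
    set -- $1                       # split the CLI text output into one word per flag
    [ "$#" -eq 4 ] || return 1
    for flag in "$@"; do
        [ "$flag" = "True" ] || return 1
    done
    return 0
}

# Bucket-level check. A bucket with no configuration at all makes the API fail
# with NoSuchPublicAccessBlockConfiguration; that bucket is just as exposed as
# one with four explicit False values, so the error is reported as EXPOSED too.
check_bucket() {
    flags=$(aws s3api get-public-access-block --bucket "$1" \
                --query "$PAB_QUERY" --output text 2>/dev/null) || flags=""
    if pab_all_enabled "$flags"; then
        echo "OK       $1"
    else
        echo "EXPOSED  $1  [${flags:-no public access block configured}]"
        return 1
    fi
}

# Account-level check. The account setting overrides any bucket-level setting
# that is less restrictive, so this is the one worth enforcing.
check_account() {
    account_id=$(aws sts get-caller-identity --query Account --output text)
    flags=$(aws s3control get-public-access-block --account-id "$account_id" \
                --query "$PAB_QUERY" --output text 2>/dev/null) || flags=""
    if pab_all_enabled "$flags"; then
        echo "OK       account $account_id"
    else
        echo "EXPOSED  account $account_id  [${flags:-not configured}]"
        return 1
    fi
}

# Turn on all four settings for the whole account.
enforce_account() {
    account_id=$(aws sts get-caller-identity --query Account --output text)
    aws s3control put-public-access-block --account-id "$account_id" \
        --public-access-block-configuration \
        BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
}

# Audit the account and every bucket named on the command line; exit 1 if any is exposed.
audit() {
    status=0
    check_account || status=1
    for b in "$@"; do
        check_bucket "$b" || status=1
    done
    return "$status"
}

if [ "$#" -gt 0 ]; then
    if [ "$1" = "--enforce" ]; then
        shift
        enforce_account
    fi
    audit "$@"
fi
```

The Terragrunt configuration above only covers the bucket-level half; the account-level call made by enforce_account is what Terraform would manage with an aws_s3_account_public_access_block resource, and having both means a bucket whose settings get relaxed later is still covered.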

Source-code link :- github.com/MahiraTechnology/Mahira-medium.git

Follow these steps to enable Block Public Access manually from the console:

  1. Open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. Click Create bucket and enter a name for the bucket.

  3. Under Block Public Access settings for this bucket, keep "Block all public access" selected; it is selected by default for new buckets, so make sure nobody has cleared it.

  4. Click Create bucket, then open the bucket's Permissions tab and confirm that Block all public access shows On.

Conclusion:-

Enabling S3 Block Public Access is a critical step in securing your S3 data: it stops ACLs and bucket policies from granting access to everyone, which removes the most common cause of accidental exposure. It is not a substitute for bucket policies and IAM, which still decide what specific principals can do, and a bucket-level setting does not help if it is relaxed later, so enforce it at the account level as well as per bucket (the more restrictive of the two always applies) and verify it regularly.