no-public-access-with-acl
Default Severity: high
Explanation
Buckets should have logging enabled so that access can be audited.
Possible Impact
There is no way to determine the access to this bucket.
Suggested Resolution
Add a logging block to the resource to enable access logging.
Insecure Example
The following example will fail the aws-s3-no-public-access-with-acl check.
resource "aws_s3_bucket" "bad_example" {
  acl = "public-read"
}
Secure Example
The following example will pass the aws-s3-no-public-access-with-acl check.
resource "aws_s3_bucket" "good_example" {
  acl = "private"
}
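Added example (not part of the original page and not the tool's own implementation): a small Python scan that flags aws_s3_bucket resources whose acl is a public canned ACL, run over the two resources above plus a constructed one with a nested block. The function names and the set of ACL values treated as public are assumptions of this example.

```python
import re

# Canned ACLs that grant access outside the owner's account
# (assumption of this example; not taken from the tool's source).
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
RESOURCE_RE = re.compile(r'resource\s+"aws_s3_bucket"\s+"([^"]+)"\s*\{')
ACL_RE = re.compile(r'^\s*acl\s*=\s*"([^"]*)"', re.MULTILINE)

def block_body(text, start):
    """Return text from start (just past an opening brace) to its matching close."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in resource block")

def find_public_buckets(terraform_source):
    """Return (resource_name, acl) for each aws_s3_bucket with a public ACL."""
    findings = []
    for match in RESOURCE_RE.finditer(terraform_source):
        body = block_body(terraform_source, match.end())
        acl = ACL_RE.search(body)
        # A bucket with no acl attribute is not flagged here.
        if acl and acl.group(1) in PUBLIC_ACLS:
            findings.append((match.group(1), acl.group(1)))
    return findings

# Constructed sample input: the page's two resources plus one with a nested block.
SAMPLE = '''
resource "aws_s3_bucket" "bad_example" {
  acl = "public-read"
}
resource "aws_s3_bucket" "good_example" {
  acl = "private"
}
resource "aws_s3_bucket" "nested_example" {
  versioning {
    enabled = true
  }
  acl = "public-read-write"
}
'''

if __name__ == "__main__":
    for name, acl in find_public_buckets(SAMPLE):
        print(f"aws_s3_bucket.{name}: public ACL {acl!r}")
```

This is a text-level scan: it does not resolve variables, modules, or braces inside string literals, so treat a clean result as a quick pre-check rather than a substitute for the full check.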