S3 buckets should restrict public policies for the bucket. With restrict_public_buckets enabled, only the bucket owner and AWS services can access the bucket if it has a public policy.
Public buckets can be accessed by anyone.
Limit access to public buckets to only the owner or AWS services (e.g. CloudFront).
The following example will fail the AVD-AWS-0093 check.
```yaml
---
Resources:
  BadExample:
    Properties:
      AccessControl: AuthenticatedRead
    Type: AWS::S3::Bucket
```
The following example will pass the AVD-AWS-0093 check.
```yaml
---
Resources:
  GoodExample:
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
    Type: AWS::S3::Bucket
```
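The rule above, written out as an added Python example over a constructed JSON-format template; it is not the scanner's own code. The resources PartialExample, ParamExample and Topic, the parameter name RestrictParam, and the "unresolved" result are assumptions made for illustration.

```python
import json

# Constructed sample template (CloudFormation also accepts JSON); names are illustrative.
TEMPLATE = json.loads("""
{
  "Resources": {
    "BadExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"AccessControl": "AuthenticatedRead"}
    },
    "GoodExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "BlockPublicPolicy": true,
        "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}
    },
    "PartialExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "RestrictPublicBuckets": "false"}}
    },
    "ParamExample": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"PublicAccessBlockConfiguration": {
        "RestrictPublicBuckets": {"Ref": "RestrictParam"}}}
    },
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")

def restrict_setting(resource):
    """Return 'pass', 'fail' or 'unresolved' for one bucket resource."""
    props = resource.get("Properties") or {}
    pab = props.get("PublicAccessBlockConfiguration") or {}
    value = pab.get("RestrictPublicBuckets") if isinstance(pab, dict) else None
    if isinstance(value, dict):      # intrinsic function such as Ref or Fn::If
        return "unresolved"          # needs parameter values to decide
    if isinstance(value, str):       # booleans may be written as "true"/"false"
        value = value.strip().lower() == "true"
    return "pass" if value is True else "fail"

def check_template(template):
    """Map each AWS::S3::Bucket logical ID to its result; other types are skipped."""
    return {name: restrict_setting(res)
            for name, res in (template.get("Resources") or {}).items()
            if isinstance(res, dict) and res.get("Type") == "AWS::S3::Bucket"}

if __name__ == "__main__":
    for name, result in sorted(check_template(TEMPLATE).items()):
        print(f"{name}: {result}")
```

A bucket that sets some of the four public access block flags but leaves RestrictPublicBuckets off or absent still fails, which is the case PartialExample covers.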