S3 buckets should block public ACLs on buckets and any objects they contain.
By blocking, PUTs with fail if the object has any public ACL.
resource "aws_s3_bucket_public_access_block" "bad_example" {
bucket = aws_s3_bucket.example.id
}
resource "aws_s3_bucket_public_access_block" "bad_example" {
bucket = aws_s3_bucket.example.id
block_public_acls = false
}
resource "aws_s3_bucket_public_access_block" "good_example" {
bucket = aws_s3_bucket.example.id
block_public_acls = true
}