Will It Vibe logoWill It Vibe?
TF-002High severity-15 points

S3 public access block turned off

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

An aws_s3_bucket_public_access_block sets one of its four guards to false, re-enabling the public ACLs or bucket policies the account-level block is meant to prevent.

Why it matters

The S3 public access block is the account and bucket level guard that stops public ACLs and bucket policies from taking effect. Setting any of its four flags to false re-opens the exact exposure it exists to prevent, so a later ACL or policy mistake becomes a real public bucket. The safe posture is all four flags true.

How to fix it

Set block_public_acls, block_public_policy, ignore_public_acls, and restrict_public_buckets all to true on the aws_s3_bucket_public_access_block. If a specific object path must be public, serve it through CloudFront rather than relaxing these flags. Review why any flag was set to false before changing it, since something may currently depend on the public path.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks