Terraform rule terraform:S628

Make sure to read this post before raising a thread here:

Then tell us:

  • What language is this for?
  • Which rule?
    Make sure not preventing permissive ACL/policies to be set is safe here.
    Allowing public ACLs or policies on a S3 bucket is security-sensitive [terraform:S6281]
  • Why do you believe it’s a false-positive/false-negative?
    Adding the magic directive count will cause the rule to report a false positive.
resource "aws_s3_bucket" "mycompliantbucket" {
  bucket = "mycompliantbucketname"
}

resource "aws_s3_bucket_public_access_block" "mycompliantpublicaccess" {
  bucket = aws_s3_bucket.mycompliantbucket.id
  count  = var.mycompliantbucket == true ? 1 : 0 // line added
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
  • Are you using
  • Enterprise Edition
  • Version 9.3 (build 51899)


Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

9.3 → 9.9 → 10.0 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If this issue persists after upgrade, please come back to us.