

# s3-account-level-public-access-blocks
<a name="s3-account-level-public-access-blocks"></a>

Checks if the required public access block settings are configured at the account level. The rule is only NON_COMPLIANT when the parameters set below do not match the corresponding fields in the configuration item.

**Note**  
If you are using this rule, ensure that S3 Block Public Access is enabled. The rule is change-triggered, so it will not be invoked unless S3 Block Public Access is enabled. If S3 Block Public Access is not enabled, the rule returns INSUFFICIENT_DATA. This means that you still might have some public buckets. For more information about setting up S3 Block Public Access, see [Blocking public access to your Amazon S3 storage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html).



**Identifier:** S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS

**Resource Types:** AWS::S3::AccountPublicAccessBlock

**Trigger type:** Configuration changes (current status not checked, only evaluated when changes generate new events)

**Note**  
This rule is only triggered by configuration changes for the specific region where the S3 endpoint is located. In all other regions, the rule is checked periodically. If a change was made in another region, there could be a delay before the rule returns NON_COMPLIANT.

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

RestrictPublicBuckets (Optional)  
Type: String  
Default: True  
Whether RestrictPublicBuckets is enforced. Default: True.

BlockPublicPolicy (Optional)  
Type: String  
Default: True  
Whether BlockPublicPolicy is enforced. Default: True.

BlockPublicAcls (Optional)  
Type: String  
Default: True  
Whether BlockPublicAcls is enforced. Default: True.

IgnorePublicAcls (Optional)  
Type: String  
Default: True  
Whether IgnorePublicAcls is enforced. Default: True.
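
The comparison this page describes, as an added Python example (not AWS's implementation of the rule): it checks the four parameters against an account-level configuration and returns the resulting compliance value plus the fields that differ. The function names, the input shape (the four `PublicAccessBlockConfiguration` fields as booleans), treating an absent field as false, and the sample configurations are assumptions made for this illustration.

```python
# Added illustration of the rule's comparison; not AWS's own code.
FIELDS = ("BlockPublicAcls", "IgnorePublicAcls",
          "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_bool(value):
    """Rule parameters are strings ("True"/"False"); config fields are booleans."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text not in ("true", "false"):
        raise ValueError(f"expected True or False, got {value!r}")
    return text == "true"


def evaluate(account_config, rule_params=None):
    """Return (compliance, mismatches) for one account.

    account_config: dict of the four fields, or None when no account-level
                    public access block exists (assumed input shape).
    rule_params:    dict of rule parameters; each one defaults to "True".
    """
    if account_config is None:
        # Nothing to evaluate: the page says the rule returns INSUFFICIENT_DATA.
        return "INSUFFICIENT_DATA", {}
    params = rule_params or {}
    unknown = set(params) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    mismatches = {}
    for field in FIELDS:
        expected = _as_bool(params.get(field, "True"))
        actual = _as_bool(account_config.get(field, False))  # absent = false (assumption)
        if expected != actual:
            mismatches[field] = {"expected": expected, "actual": actual}
    return ("NON_COMPLIANT" if mismatches else "COMPLIANT"), mismatches


# Constructed sample configurations (not taken from a real account).
ALL_ON = {field: True for field in FIELDS}
POLICY_OFF = dict(ALL_ON, BlockPublicPolicy=False)

if __name__ == "__main__":
    for name, cfg in (("all on", ALL_ON), ("policy off", POLICY_OFF), ("unset", None)):
        status, diff = evaluate(cfg)
        print(f"{name}: {status} {sorted(diff)}")
```

Because the rule compares for a match, setting a parameter to False while the account has that setting enabled also yields NON_COMPLIANT in this illustration.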

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1377c23"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).