Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™

Restrict Knowledge Base S3 Data Source Public Access

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that the Amazon S3 buckets configured as data sources for your Amazon Bedrock Knowledge Bases have the Amazon S3 Block Public Access feature enabled and do not grant public access through their bucket policies. An Amazon Bedrock Knowledge Base ingests documents from a configured data source and makes their content available to foundation models for retrieval-augmented generation. When the data source type is Amazon S3, the source location is defined by the "s3Configuration" field of the data source, which references the source bucket through its "bucketArn" (and, for cross-account sources, "bucketOwnerAccountId"). Because these buckets hold the raw proprietary enterprise documents that back the Knowledge Base, the Block Public Access feature must be enabled at the bucket level and no bucket policy statement should grant public access to the stored objects.

Security

Amazon Bedrock Knowledge Base S3 data sources store the raw, unprocessed enterprise documents that are ingested into the Knowledge Base, frequently including sensitive or proprietary business data. If the source bucket is publicly accessible, an attacker with "s3:GetObject" access can bypass the Knowledge Base and the foundation model entirely and download the original documents directly from the underlying bucket, exposing the full corpus of proprietary data. Enabling the Amazon S3 Block Public Access feature and ensuring that no bucket policy grants public access confines access to the source documents to authorized principals and the Knowledge Base service role, closing this direct data-exfiltration path.


Audit

To determine if the Amazon S3 buckets configured as data sources for your Amazon Bedrock Knowledge Bases are publicly accessible, perform the following operations:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

  3. In the main navigation panel, under Build, select Knowledge Bases to list all the Amazon Bedrock Knowledge Bases available in the selected AWS region.

  4. Click on the name (link) of the Knowledge Base that you want to examine.

  5. In the Data source section, check the Data source type of each configured data source. For each data source with the type Amazon S3, click on the name (link) of the data source and note the S3 URI (i.e. the source bucket name) listed under Data source details.

  6. Navigate to the Amazon S3 console at https://console.aws.amazon.com/s3/ and, in the Buckets list, review the Access column status shown for the source bucket identified at the previous step. If the status reads Public, the Knowledge Base data source bucket is publicly accessible, therefore the configuration is not compliant.

  7. Click on the name of the source S3 bucket, then select the Permissions tab. In the Block public access (bucket settings) section, check the status of Block all public access. If Block all public access is set to Off (or any of the four individual settings is disabled), the Knowledge Base data source bucket is publicly accessible, therefore the configuration is not compliant.

  8. Repeat steps no. 5 – 7 for each Amazon S3 data source configured for the selected Knowledge Base.

  9. Repeat steps no. 4 – 8 for each Amazon Bedrock Knowledge Base available in the selected AWS region.

  10. Change the AWS cloud region from the console navigation bar and repeat steps no. 3 – 9 for each region where you have deployed Amazon Bedrock Knowledge Bases.

Using AWS CLI

  1. Run list-knowledge-bases command (OSX/Linux/UNIX) with custom output filters to list the IDs of all Amazon Bedrock Knowledge Bases available in the selected AWS region:

    aws bedrock-agent list-knowledge-bases
    --region us-east-1
    --query 'knowledgeBaseSummaries[*].knowledgeBaseId'
    
  2. The command output should return an array with the requested Knowledge Base IDs:

    [
        "ABCD1234EF",
        "GHIJ5678KL"
    ]
    
  3. Run list-data-sources command (OSX/Linux/UNIX) using the ID of the Knowledge Base that you want to examine as the identifier parameter and custom output filters to list the IDs of all the data sources configured for the selected Knowledge Base:

    aws bedrock-agent list-data-sources
    --region us-east-1
    --knowledge-base-id ABCD1234EF
    --query 'dataSourceSummaries[*].dataSourceId'
    
  4. The command output should return an array with the requested data source IDs:

    [
        "MNOP9012QR"
    ]
    
  5. Run get-data-source command (OSX/Linux/UNIX) using the IDs of the Knowledge Base and the data source that you want to examine as identifier parameters and custom query filters to return the data source configuration:

    aws bedrock-agent get-data-source
    --region us-east-1
    --knowledge-base-id ABCD1234EF
    --data-source-id MNOP9012QR
    --query 'dataSource.dataSourceConfiguration.{Type:type,S3Bucket:s3Configuration.bucketArn}'
    
  6. The command output should return the data source type and, for Amazon S3 data sources, the Amazon Resource Name (ARN) of the source bucket:

    {
        "Type": "S3",
        "S3Bucket": "arn:aws:s3:::cc-kb-enterprise-data"
    }
    

    If the "Type" value is "S3", the data source ingests documents from the Amazon S3 bucket referenced by the "S3Bucket" ARN (the bucket name is the part of the ARN that follows the last colon, i.e. cc-kb-enterprise-data).

  7. Run get-public-access-block command (OSX/Linux/UNIX) using the name of the source bucket identified at the previous step as the identifier parameter to return the S3 Block Public Access feature configuration set for the Knowledge Base data source bucket:

    aws s3api get-public-access-block
    --bucket cc-kb-enterprise-data
    --query 'PublicAccessBlockConfiguration'
    
  8. The command output should return the requested configuration information:

    {
        "BlockPublicAcls": false,
        "IgnorePublicAcls": false,
        "BlockPublicPolicy": false,
        "RestrictPublicBuckets": false
    }
    

    If the get-public-access-block command output returns false for any of the four settings (as shown in the example above), or returns the "NoSuchPublicAccessBlockConfiguration" error, the S3 Block Public Access feature is not fully enabled for the source bucket, therefore the Knowledge Base data source bucket is publicly accessible and the configuration is not compliant.

  9. Run get-bucket-policy-status command (OSX/Linux/UNIX) using the name of the source bucket as the identifier parameter to confirm whether the data source bucket is currently evaluated as public:

    aws s3api get-bucket-policy-status
    --bucket cc-kb-enterprise-data
    --query 'PolicyStatus.IsPublic'
    

    If the command output returns true, the source bucket policy grants public access, therefore the Knowledge Base data source bucket configuration is not compliant.

  10. Repeat steps no. 5 – 9 for each data source configured for the selected Knowledge Base, then repeat steps no. 3 – 9 for each Knowledge Base available in the selected region.

  11. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 10 for each region where you have deployed Amazon Bedrock Knowledge Bases.

Remediation / Resolution

To restrict public access to the Amazon S3 buckets configured as data sources for your Amazon Bedrock Knowledge Bases, perform the following operations:

Note: Block Public Access overrides public access grants in the bucket policy but does not remove them. If specific principals still need access, remove any statement granting access to a wildcard principal ("Principal": "*"), keeping only what the Knowledge Base service role requires.

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon S3 console at https://console.aws.amazon.com/s3/.

  3. Click on the name of the Knowledge Base data source bucket that you want to reconfigure (see Audit section part I to identify the right resource).

  4. Select the Permissions tab from the S3 console menu to access the bucket permissions.

  5. In the Block public access (bucket settings) section, choose Edit, select the Block all public access checkbox to activate all four feature settings, and choose Save changes.

  6. In the Edit Block public access (bucket settings) dialog box, type confirm in the appropriate box, then choose Confirm to apply the configuration changes.

  7. (Optional) In the same Permissions tab, under Bucket policy, choose Edit and remove any statement that grants access to a wildcard principal ("Principal": "*"), keeping only the statements required by the Knowledge Base service role, then choose Save changes.

  8. Repeat steps no. 3 – 7 for each publicly accessible Amazon S3 bucket configured as a data source for your Amazon Bedrock Knowledge Bases.

Using AWS CLI

  1. Run put-public-access-block command (OSX/Linux/UNIX) using the name of the Knowledge Base data source bucket that you want to reconfigure as the identifier parameter (see Audit section part II to identify the right resource), to enable the S3 Block Public Access feature for the source bucket (the command does not produce an output):

    aws s3api put-public-access-block
    --region us-east-1
    --bucket cc-kb-enterprise-data
    --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
    
  2. (Optional) If the source bucket policy grants public access, run get-bucket-policy command (OSX/Linux/UNIX) to retrieve the current bucket policy, remove any statement that grants access to a wildcard principal ("Principal": "*"), save the updated policy to a JSON file named bucket-policy.json, then run put-bucket-policy command to apply the corrected policy (the command does not produce an output):

    aws s3api put-bucket-policy
    --bucket cc-kb-enterprise-data
    --policy file://bucket-policy.json
    
  3. Repeat steps no. 1 and 2 for each publicly accessible Amazon S3 bucket configured as a data source for your Amazon Bedrock Knowledge Bases.

References

Publication date Jul 10, 2026