diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 27cb8fc6fde2b..e5cead93bf22a 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -1092,10 +1092,10 @@ export class BlockPublicAccess { public restrictPublicBuckets: boolean | undefined; constructor(options: BlockPublicAccessOptions) { - this.blockPublicAcls = options.blockPublicAcls; - this.blockPublicPolicy = options.blockPublicPolicy; - this.ignorePublicAcls = options.ignorePublicAcls; - this.restrictPublicBuckets = options.restrictPublicBuckets; + this.blockPublicAcls = options.blockPublicAcls ?? true; + this.blockPublicPolicy = options.blockPublicPolicy ?? true; + this.ignorePublicAcls = options.ignorePublicAcls ?? true; + this.restrictPublicBuckets = options.restrictPublicBuckets ?? true; } } diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 5ad2b8413bcb8..63047deded860 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -972,6 +972,34 @@ describe('bucket', () => { }); }); + test('unspecified blockPublicAccess properties should default to true', () => { + const stack = new cdk.Stack(); + new s3.Bucket(stack, 'MyBucket', { + blockPublicAccess: new s3.BlockPublicAccess({ + blockPublicPolicy: false, + restrictPublicBuckets: false, + }), + }); + + Template.fromStack(stack).templateMatches({ + 'Resources': { + 'MyBucketF68F3FF0': { + 'Type': 'AWS::S3::Bucket', + 'Properties': { + 'PublicAccessBlockConfiguration': { + 'BlockPublicAcls': true, + 'BlockPublicPolicy': false, + 'IgnorePublicAcls': true, + 'RestrictPublicBuckets': false, + }, + }, + 'DeletionPolicy': 'Retain', + 'UpdateReplacePolicy': 'Retain', + }, + }, + }); + }); + test('bucket with default block public access setting to throw error msg', () => { const stack = new cdk.Stack();