aws · manan-pancholi · Jan 17, 2025 · Jan 17, 2025 · Jan 22, 2025 · Jan 22, 2025
diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts
@@ -1092,10 +1092,10 @@ export class BlockPublicAccess {
   public restrictPublicBuckets: boolean | undefined;
 
   constructor(options: BlockPublicAccessOptions) {
-    this.blockPublicAcls = options.blockPublicAcls;
-    this.blockPublicPolicy = options.blockPublicPolicy;
-    this.ignorePublicAcls = options.ignorePublicAcls;
-    this.restrictPublicBuckets = options.restrictPublicBuckets;
+    this.blockPublicAcls = options.blockPublicAcls ?? true;
+    this.blockPublicPolicy = options.blockPublicPolicy ?? true;
+    this.ignorePublicAcls = options.ignorePublicAcls ?? true;
+    this.restrictPublicBuckets = options.restrictPublicBuckets ?? true;
   }
 }
 

diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts
@@ -972,6 +972,34 @@ describe('bucket', () => {
     });
   });
 
+  test('unspecified blockPublicAccess properties should default to true', () => {
+    const stack = new cdk.Stack();
+    new s3.Bucket(stack, 'MyBucket', {
+      blockPublicAccess: new s3.BlockPublicAccess({
+        blockPublicPolicy: false,
+        restrictPublicBuckets: false,
+      }),
+    });
+
+    Template.fromStack(stack).templateMatches({
+      'Resources': {
+        'MyBucketF68F3FF0': {
+          'Type': 'AWS::S3::Bucket',
+          'Properties': {
+            'PublicAccessBlockConfiguration': {
+              'BlockPublicAcls': true,
+              'BlockPublicPolicy': false,
+              'IgnorePublicAcls': true,
+              'RestrictPublicBuckets': false,
+            },
+          },
+          'DeletionPolicy': 'Retain',
+          'UpdateReplacePolicy': 'Retain',
+        },
+      },
+    });
+  });
+
   test('bucket with default block public access setting to throw error msg', () => {
     const stack = new cdk.Stack();