Hello.

I can't find the resource type "AWS::S3::AccountPublicAccessBlock" in the documentation, but is it a commonly used resource type?
I thought maybe it's not supported by CloudFormation.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/AWS_S3.html

I thought that if I were to use CloudFormation, I would need to create a custom resource and create a Lambda that executes things like "put_public_access_block()".
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3control/client/put_public_access_block.html#

Hi There

AWS::S3::AccountPublicAccessBlock is not a valid CloudFormation resource type. You wont be able to put an account level public access block using CloudFormation.

Here are the supported ways of applying an account-level block: https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html

For example, you can use the CLI via the s3control api. See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3control/put-public-access-block.html.

Once you set Block Public Access on the accounts, you can add an SCP to disallow changes to this configuration.

See this previous post which details the SCP: https://repost.aws/questions/QUUsKRARa1TmywIed1_9JpbA/scp-to-enable-block-s3-public-access