blockPublicAccess does not work for some regions #81

Open
jan-osch opened this issue Jul 18, 2022 · 0 comments

jan-osch commented Jul 18, 2022

I have an app that is deployed to all AWS regions. This is my serverless.yml (simplified)

```yaml
provider:
  name: aws
  stage: ${opt:stage, "dev"}
  runtime: nodejs12.x
  stackName: ${self:serviceName}-${self:provider.stage}
  memorySize: 128
  mainRegion: ${opt:main-region, env:AWS_MAIN_REGION}
  accountId: ${opt:aws-account-id, env:AWS_ACCOUNT_ID}
  deploymentBucket:
    name: my-company-deployment-${aws:region}
    maxPreviousDeploymentArtifacts: 5
    blockPublicAccess: true
    serverSideEncryption: AES256
plugins:
  - serverless-deployment-bucket
custom:
  deploymentBucket:
    versioning: false
    accelerate: true
    blockPublicAccess: true
```

Previously I didn't include `custom.deploymentBucket.blockPublicAccess`. After I added it & deployed my service to all regions I saw that almost all deployment buckets (1 per region) were updated to "Bucket and objects not public". However, the following regions did not update the deployment buckets to "Access: Bucket and object not public":

- af-south-1
- ap-east-1
- ap-northeast-3
- ap-southeast-3
- eu-north-1
- eu-south-1
- me-south-1

I've re-run the deployment multiple times and repeated the same procedure in a separate staging and prod account, and the result was the same -> these regions did not update. I had to do it manually via the AWS CLI.

I've double-checked my config and app code, but I couldn't find anything particular about the problematic regions.
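
An added example, not part of the original issue or the plugin's code: a boto3 audit that reports which per-region deployment buckets still lack any of the four S3 Block Public Access flags after a deploy. The bucket name pattern and region list are taken from the issue; the function names and the `client_for_region` factory are hypothetical.

```python
"""Audit S3 Block Public Access on per-region deployment buckets."""

# Taken from the issue: bucket naming pattern and the regions reported as not updated.
BUCKET_PATTERN = "my-company-deployment-{region}"
REPORTED_REGIONS = ["af-south-1", "ap-east-1", "ap-northeast-3", "ap-southeast-3",
                    "eu-north-1", "eu-south-1", "me-south-1"]
# The four settings that together make up S3 Block Public Access.
REQUIRED_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")


def missing_flags(s3_client, bucket):
    """Return the Block Public Access flags that are not enabled on `bucket`."""
    try:
        resp = s3_client.get_public_access_block(Bucket=bucket)
    except Exception as exc:
        # botocore's ClientError carries the service error code in exc.response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchPublicAccessBlockConfiguration":
            return list(REQUIRED_FLAGS)  # no configuration on the bucket at all
        raise  # AccessDenied, NoSuchBucket, etc. must not be read as "compliant"
    cfg = resp.get("PublicAccessBlockConfiguration", {})
    return [flag for flag in REQUIRED_FLAGS if not cfg.get(flag, False)]


def audit(regions, client_for_region, pattern=BUCKET_PATTERN):
    """Map bucket name -> missing flags, listing only non-compliant buckets."""
    findings = {}
    for region in regions:
        bucket = pattern.format(region=region)
        gaps = missing_flags(client_for_region(region), bucket)
        if gaps:
            findings[bucket] = gaps
    return findings


if __name__ == "__main__":
    import boto3  # imported here so the functions above can be tested offline

    results = audit(REPORTED_REGIONS, lambda r: boto3.client("s3", region_name=r))
    for bucket, gaps in results.items():
        print(f"{bucket}: missing {', '.join(gaps)}")
    raise SystemExit(1 if results else 0)
```

Run as a post-deploy step, the non-zero exit code fails the pipeline whenever a bucket in the listed regions is left without the full configuration.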
