Amazon_S3_15

Ensure S3 buckets are not world-listable by anonymous users

Description

Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering or deletion. Granting public access to an S3 bucket lets anonymous users list the objects it contains, and that object inventory can then be used to locate and retrieve your data.

Remediation

Perform the following steps to modify the policy:

  1. Sign in to the AWS Management Console.
  2. Navigate to S3 dashboard at https://console.aws.amazon.com/s3/.
  3. Select the S3 bucket that you want to examine and click the Permissions tab.
  4. On the Permissions tab, open the Bucket policy section.
  5. Click Edit to open the bucket policy currently in use.
  6. In the Bucket Policy Editor dialog box, verify the Effect and Principal policy elements. Effect describes the permission effect applied when the user requests the action(s) defined in the policy; its value is either Allow or Deny. The Principal is the account or user that is granted (or denied) access to the actions and resources declared in the policy statement. If the Effect element value is Allow for List actions (for example s3:ListBucket) and the Principal element value is “*” (i.e. everyone) or {“AWS”: “*”}, the selected S3 bucket is publicly listable unless a Condition element restricts the statement, and it should be marked as insecure.
  7. Replace the “*” Principal value with a Principal element that names the specific user, account, service, or other entity that should be allowed or denied access to the resource.
  8. Repeat steps no. 3 –
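The manual review in steps 6 and 7 can be automated against a policy document fetched from a bucket. The script below is an added example, not part of this check's own tooling; it takes a bucket policy as parsed JSON (for instance the output of `aws s3api get-bucket-policy`, or a local file) and reports every statement that grants List actions to an anonymous principal with no Condition element. The bucket name and account ID in the sample policies are constructed placeholders.

```python
"""Offline check for bucket policies that let anonymous principals list a bucket.

Added example (not the check's own code). It mirrors the manual review in
steps 6 and 7: a statement is flagged when its Effect is Allow, its Principal
is "*" or {"AWS": "*"}, its Action covers a List action, and it carries no
Condition element. Policies are passed in as parsed JSON (a dict).
"""
import fnmatch
import json

# Actions that expose the object inventory of a bucket (compared lower-case).
LIST_ACTIONS = ("s3:listbucket", "s3:listbucketversions")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (everyone, including unauthenticated)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_list(actions):
    """True if any Action pattern (e.g. s3:*, s3:List*, *) matches a List action."""
    for pattern in _as_list(actions):
        pattern = pattern.lower()
        if any(fnmatch.fnmatchcase(action, pattern) for action in LIST_ACTIONS):
            return True
    return False


def world_listable_statements(policy):
    """Return the Sid (or positional label) of each statement that makes the bucket world-listable."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        if not _grants_list(stmt.get("Action")):
            continue
        if "Condition" in stmt:
            # Step 6 treats a Condition as a possible restriction: leave it for manual review.
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


# Constructed sample: the insecure policy described in step 6 (hypothetical bucket name).
PUBLIC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket"}
  ]
}
""")

# Constructed sample: the same policy after step 7, Principal narrowed to one account
# (placeholder account ID).
FIXED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AccountList", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket"}
  ]
}
""")

if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_POLICY), ("fixed", FIXED_POLICY)):
        print(name, world_listable_statements(policy))
```

Statements with a Condition element are deliberately skipped rather than flagged, matching the wording of step 6; a conditioned grant still deserves a manual look, since a weak condition (for example one on a header any client can set) does not make the bucket private.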

Service

S3

Severity

High

Compliance

Mapping
