AWS S3 buckets content cannot be publicly listed in order to protect against unauthorized access. An S3 bucket that grants READ (LIST) access to everyone can allow anonymous users to list the objects within the bucket. Malicious users can exploit the information acquired through the listing process to find objects with misconfigured ACL permissions and access these compromised objects.
There are two methods to remove world access to your S3 bucket :
A. To Remove ACL access permissions for an S3 bucket which is world writable:
B. Perform the following steps to modify the policy :