Amazon_S3_33

Ensure that S3 bucket ACLs don't allow 'READ' access for anonymous / AWS authenticated users

Description

Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion. To protect your S3 data from unauthorized access, make sure that anonymous users cannot access your Amazon S3 buckets.

Remediation

From Portal:
1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
2. In the Buckets list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit.
3. Choose Permissions.
4. Under ACL, choose Edit and modify the ACL configuration for the S3 bucket.
5. On the Edit ACL page, Under Objects uncheck the relevant permission box.
Check the box which say I understand the effects of these changes on my objects and buckets”.
6. Choose Save changes which returns you to the Bucket Permissions page.

From Command Line:
To deny the ACLs permissions for everyone

Service

S3

Severity

High

Compliance

Mapping

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!