Metadata
ID: terraform-aws/aws-s3-no-principal
Language: Terraform
Severity: Warning
Category: Security
Description
This rule concerns the Principal element of AWS S3 bucket policies. The principal is a crucial part of any AWS policy because it defines who is allowed to access the resource, in this case the S3 bucket. Specifying a broad principal such as "*" opens the bucket to access from any AWS account, which is a serious security risk.
Non-compliance with this rule can lead to unauthorized access to your S3 buckets and potential data breaches. Always specify a principal that is as narrow as possible, so that access is limited to the entities that genuinely need it.
To comply with this rule, specify a specific Amazon Resource Name (ARN) instead of the wildcard "*". This grants access only to the named AWS account, user or role. For instance, instead of Principal = { AWS = "*" }, use Principal = { AWS = ["arn:aws:iam::something:user"] }. This keeps your AWS resources secure while ensuring that only authorized entities have access.
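The following added example (not part of the rule page or the analyzer's own implementation) shows the check this rule performs, applied to the JSON policy document that Terraform's jsonencode() would hand to an aws_s3_bucket_policy resource. The two policy documents, the bucket name and the IAM role ARN are constructed for the example.

```python
import json

# Constructed sample policy documents (not from the rule page), in the JSON
# form that Terraform's jsonencode() produces for aws_s3_bucket_policy.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

NARROW_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:role/app-reader"]},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})


def principal_is_wildcard(principal) -> bool:
    """True if any principal entry is '*', i.e. the statement is open to everyone."""
    if principal == "*":               # shorthand form: "Principal": "*"
        return True
    if isinstance(principal, dict):    # {"AWS": "*"} or {"AWS": ["*", ...]}
        for value in principal.values():
            if "*" in (value if isinstance(value, list) else [value]):
                return True
    return False


def find_wildcard_allows(policy_json: str) -> list:
    """Sids (or statement indexes) of Allow statements with a wildcard Principal.
    Deny statements are skipped: a wildcard there narrows access, not widens it."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):   # a lone statement may be unwrapped
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and principal_is_wildcard(stmt.get("Principal")):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings


if __name__ == "__main__":
    print("weak:", find_wildcard_allows(WEAK_POLICY))      # ['PublicRead']
    print("narrow:", find_wildcard_allows(NARROW_POLICY))  # []
```

Like the description above, the check treats any "*" principal in an Allow statement as a finding regardless of other keys in the statement; replacing the wildcard with the named ARNs is the fix the rule asks for.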