S3 bucket objects are restricted from being listed by all authenticated users

s3
WARNING: This rule is being deprecated on 15 July 2023

Description

Update your ACL permission to remove READ access for authenticated AWS accounts or IAM users.

Rationale

READ access on the bucket ACL lets any authenticated IAM user or AWS account, whichever account it belongs to, list every object in your bucket and then target objects whose own ACL permissions are misconfigured.

Remediation

From the console

Follow the Configuring ACLs: Using the S3 console to set ACL permissions for a bucket documentation to deselect the Bucket ACL - Read permission granted to authenticated users and save the updated ACL permissions.

From the command line

  1. Run put-bucket-acl with your bucket name and set the ACL to private.

put-bucket-acl.sh

  aws s3api put-bucket-acl \
    --bucket your-s3-bucket-name \
    --acl private
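As an added example, not code from this rule page or from the AWS CLI, the following Python implements the check this rule performs on a `get-bucket-acl` response and builds the replacement ACL that remediates it. The group URIs are the real S3 canned-group URIs; the owner ID and the response body are constructed sample data, and the helper names are this example's own.

```python
import json

# Canned S3 group URIs: "any authenticated AWS principal" and "anyone at all".
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Permissions that allow the grantee to list the bucket's objects.
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}

# Constructed sample shaped like `aws s3api get-bucket-acl` output for a bucket
# whose ACL grants READ to every authenticated AWS account (the finding).
SAMPLE_ACL = json.loads("""
{
  "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"}
  ]
}
""")


def offending_grants(acl, group_uris=(AUTHENTICATED_USERS, ALL_USERS)):
    """Grants that let a global group (authenticated users, or everyone) list objects.
    The rule itself covers AuthenticatedUsers; AllUsers is included as the
    stricter generalization."""
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in group_uris
        and g.get("Permission") in LISTING_PERMISSIONS
    ]


def is_compliant(acl):
    """True when no global group can list the bucket."""
    return not offending_grants(acl)


def strip_offending_grants(acl):
    """Return a new AccessControlPolicy with only the offending grants removed.
    Unlike `--acl private`, which replaces the whole ACL with an owner-only
    grant, this keeps any other grants (e.g. log-delivery) intact."""
    bad = offending_grants(acl)
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", []) if g not in bad],
    }
```

The returned policy is what you would pass to `put-bucket-acl --access-control-policy` if the bucket has grants worth preserving; otherwise `--acl private`, as in the step above, is the simpler fix.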