
S3 bucket content cannot be listed by users

s3

Classification:

compliance


Description

Update the bucket ACL to remove READ access granted to the Authenticated Users group, which covers any AWS account or IAM user, not only identities in your own account.

Rationale

The bucket-level READ permission lets the grantee list every object key in the bucket. When it is granted to the Authenticated Users group, the grantee is anyone who can sign a request with any AWS account, which is effectively the public. Listing reveals key names that an attacker can then fetch directly wherever an object's own ACL also grants read, and it exposes the bucket's layout even where it does not.

Remediation

Console

Follow the Configuring ACLs: Using the S3 console to set ACL permissions for a bucket documentation. In the bucket's Permissions tab, edit the Access control list (ACL), clear the Objects: List checkbox in the Authenticated users group (anyone with an AWS account) row, and save. Note that the Bucket ACL: Read checkbox is a different permission (READ_ACP, reading the ACL itself); this finding is about listing objects.

CLI

  1. Run put-bucket-acl with your bucket name and the canned ACL private. This replaces the bucket's entire ACL with a single FULL_CONTROL grant to the bucket owner, so any other grants (for example, to the S3 log delivery group) are removed as well; confirm the result with get-bucket-acl afterwards.

put-bucket-acl.sh

  # Replaces the whole bucket ACL with owner-only FULL_CONTROL
  aws s3api put-bucket-acl \
    --bucket your-s3-bucket-name \
    --acl private
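The check behind this rule, plus a narrower fix than `--acl private`, as an added boto3 example; this is not Datadog's rule implementation and not AWS code. It flags bucket ACL grants that give READ (or FULL_CONTROL, which includes READ) to the Authenticated Users group, and, going slightly beyond the rule, to the All Users group as well, then builds an AccessControlPolicy that drops only those grants and keeps everything else. The group URIs are the real AWS canned-group identifiers; the bucket name, the sample ACL and its canonical user ID are constructed for the example, and `main` assumes boto3 is installed with credentials that allow s3:GetBucketAcl and s3:PutBucketAcl.

```python
"""Audit and remediate S3 bucket ACLs that let any AWS account list objects.

Added example for this rule page; not Datadog's or AWS's code.
"""
from copy import deepcopy

# Real AWS canned-group URIs used in ACL grantees.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"

# Bucket-level permissions that allow listing the bucket's objects.
# FULL_CONTROL includes READ, so it is flagged too.
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}

# Constructed sample ACL (shape of boto3's get_bucket_acl response, minus
# ResponseMetadata): owner FULL_CONTROL, log delivery WRITE, and a mistaken
# READ grant to the Authenticated Users group. The 64-hex ID is made up.
_OWNER = {"DisplayName": "example-owner", "ID": "0123456789abcdef" * 4}
SAMPLE_ACL = {
    "Owner": _OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", **_OWNER}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"},
    ],
}


def listing_grants(acl, groups=(AUTHENTICATED_USERS, ALL_USERS)):
    """Return the grants that let the given canned groups list the bucket.

    `acl` is the dict from boto3 get_bucket_acl or from
    `aws s3api get-bucket-acl` parsed as JSON.
    """
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in groups
        and g.get("Permission") in LISTING_PERMISSIONS
    ]


def is_compliant(acl):
    """True when no anonymous or any-AWS-account group can list the bucket."""
    return not listing_grants(acl)


def remediated_policy(acl):
    """Build an AccessControlPolicy with only the offending grants removed.

    Unlike `--acl private`, which replaces the whole ACL with owner
    FULL_CONTROL, this keeps unrelated grants (e.g. the log delivery group).
    Only Owner and Grants are copied: put_bucket_acl rejects the
    ResponseMetadata key that boto3 adds to the get_bucket_acl response.
    """
    bad = listing_grants(acl)
    return {
        "Owner": deepcopy(acl["Owner"]),
        "Grants": [deepcopy(g) for g in acl.get("Grants", []) if g not in bad],
    }


def main(bucket, apply=False):
    """Check a real bucket and optionally fix it (needs boto3 + credentials)."""
    import boto3  # imported lazily so the audit logic above runs offline

    s3 = boto3.client("s3")
    acl = s3.get_bucket_acl(Bucket=bucket)
    bad = listing_grants(acl)
    if not bad:
        print(f"{bucket}: compliant")
        return
    for g in bad:
        print(f"{bucket}: {g['Grantee']['URI']} has {g['Permission']}")
    if apply:
        s3.put_bucket_acl(Bucket=bucket, AccessControlPolicy=remediated_policy(acl))
        print(f"{bucket}: offending grants removed, other grants kept")


if __name__ == "__main__":
    import sys

    # Usage: python audit_bucket_acl.py your-s3-bucket-name [--apply]
    main(sys.argv[1], apply="--apply" in sys.argv[2:])
```

Run it without `--apply` first to see what would change. If the bucket's Object Ownership is already set to Bucket owner enforced, ACLs are disabled and this finding cannot occur; for buckets that still accept ACLs, switching them to that setting after cleaning up the grants is the durable fix, since it stops anyone from re-adding a group grant later.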