S3 bucket content permissions cannot be viewed by authenticated users

s3

Classification:

compliance

Description

Update your bucket ACL permissions to remove READ_ACP access for authenticated AWS accounts and AWS IAM users.

Rationale

AWS authenticated accounts and users with READ_ACP access can read the configuration details of your Amazon S3 Access Control List (ACL). An attacker with any AWS account can use this information to find misconfigured permissions and work out how to access your S3 data.

Remediation

Console

Follow the Configuring ACLs: Using the S3 console to set ACL permissions for a bucket documentation to remove READ_ACP access for authenticated AWS users.

CLI

  1. Run put-bucket-acl with your Amazon S3 bucket name and the ACL set to private (the private canned ACL leaves the bucket owner as the only grantee, so the READ_ACP grant is removed).

put-bucket-acl.sh

  aws s3api put-bucket-acl \
    --bucket your-s3-bucket-name \
    --acl private
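To verify that the remediation worked, the following check is an added example that is not Datadog's own detection code: it reads the JSON that aws s3api get-bucket-acl returns and flags any grant of READ_ACP to the Authenticated Users group. It goes slightly beyond the rule text by also flagging FULL_CONTROL (which includes READ_ACP) and the All Users group (which is strictly broader than Authenticated Users); the function names and the sample ACL are constructed for this example, and the owner ID is a placeholder.

```python
import json
import sys

# Canonical URIs of the predefined S3 groups (as defined in the S3 ACL documentation).
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# FULL_CONTROL bundles READ, WRITE, READ_ACP and WRITE_ACP, so it counts as READ_ACP here.
ACP_READ_PERMISSIONS = {"READ_ACP", "FULL_CONTROL"}


def find_acp_exposure(acl):
    """Return (grantee URI, permission) pairs from a get-bucket-acl response that let
    any authenticated AWS account, or the public, read the bucket's ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to specific canonical users are outside this rule's scope
        uri = grantee.get("URI", "")
        if uri in (AUTHENTICATED_USERS, ALL_USERS) and grant.get("Permission") in ACP_READ_PERMISSIONS:
            findings.append((uri, grant["Permission"]))
    return findings


def is_compliant(acl):
    """True when no group grant exposes the ACL, i.e. the bucket passes this rule."""
    return not find_acp_exposure(acl)


# Constructed sample of what `aws s3api get-bucket-acl --bucket your-s3-bucket-name` returns
# for a bucket whose owner has also granted READ_ACP to the Authenticated Users group.
PLACEHOLDER_OWNER_ID = "0" * 64  # placeholder canonical user ID, not a real account
SAMPLE_ACL = {
    "Owner": {"DisplayName": "example-owner", "ID": PLACEHOLDER_OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": PLACEHOLDER_OWNER_ID,
                     "DisplayName": "example-owner"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ_ACP"},
    ],
}

if __name__ == "__main__":
    # Usage: aws s3api get-bucket-acl --bucket NAME | python check_bucket_acp.py
    # With no piped input the constructed sample is checked instead.
    acl = SAMPLE_ACL if sys.stdin.isatty() else json.load(sys.stdin)
    for uri, permission in find_acp_exposure(acl):
        print(f"NON-COMPLIANT: {permission} granted to {uri}")
    sys.exit(0 if is_compliant(acl) else 1)
```

After running put-bucket-acl with --acl private, only the owner's FULL_CONTROL grant should remain and the check exits 0.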