
S3 bucket does not allow users full control access

s3

Classification:

compliance


Description

Update your ACL permission to remove FULL_CONTROL access for authenticated AWS accounts and AWS IAM users.

Rationale

FULL_CONTROL access allows any IAM user or AWS authenticated account to view, upload, modify and delete S3 objects without restriction.

Remediation

Console

Follow the "Configuring ACLs: Using the S3 console to set ACL permissions for a bucket" documentation to remove FULL_CONTROL access and update the ACL permissions.

CLI

  1. Run put-bucket-acl with your bucket name and the ACL set to private.

put-bucket-acl.sh

  # Replace the bucket ACL with the canned "private" ACL (owner-only access)
  aws s3api put-bucket-acl \
    --bucket your-s3-bucket-name \
    --acl private
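
To confirm the remediation took effect, the following added example (not part of the original rule documentation) checks the JSON returned by `aws s3api get-bucket-acl` for a FULL_CONTROL grant to the predefined AuthenticatedUsers group. It assumes that group is the grantee this rule targets; the function names and the sample ACLs are constructed for illustration.

```python
import json
import sys

# Predefined S3 grantee group meaning "any authenticated AWS account".
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def full_control_group_grants(acl, group_uri=AUTHENTICATED_USERS):
    """Return grants in a get-bucket-acl response giving FULL_CONTROL to group_uri."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        # The bucket owner's own FULL_CONTROL grant has Type "CanonicalUser"
        # and is expected; only the group grant is a finding.
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") == group_uri
                and grant.get("Permission") == "FULL_CONTROL"):
            findings.append(grant)
    return findings


def is_compliant(acl):
    """True when no FULL_CONTROL grant to the AuthenticatedUsers group remains."""
    return not full_control_group_grants(acl)


# Constructed sample data (placeholder canonical ID, not a real account).
OWNER = {"ID": "EXAMPLE-OWNER-CANONICAL-ID"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", **OWNER},
               "Permission": "FULL_CONTROL"}
SAMPLE_BEFORE = {"Owner": OWNER, "Grants": [
    OWNER_GRANT,
    {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
     "Permission": "FULL_CONTROL"},
]}
# What the ACL looks like after `put-bucket-acl --acl private`.
SAMPLE_AFTER = {"Owner": OWNER, "Grants": [OWNER_GRANT]}

if __name__ == "__main__":
    # Optional argument: a file holding saved `aws s3api get-bucket-acl` output.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            acls = {sys.argv[1]: json.load(fh)}
    else:
        acls = {"before": SAMPLE_BEFORE, "after": SAMPLE_AFTER}
    for name, acl in acls.items():
        print(name, "PASS" if is_compliant(acl) else "FAIL")
```
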