S3 bucket is not publicly accessible to anonymous users

s3

Classification:

compliance

Description

Set your Amazon S3 bucket to private.

Rationale

Publicly accessible Amazon S3 buckets grant FULL_CONTROL access to everyone, including anonymous users. FULL_CONTROL grants users the ability to upload, modify, delete, and view S3 objects.

Remediation

Console

Follow the "Configuring ACLs: Using the S3 console to set ACL permissions for a bucket" documentation to remove FULL_CONTROL access and update ACL permissions.

CLI

  1. Run put-bucket-acl with your bucket name and ACL set to private.

put-bucket-acl.sh

  # Replace the bucket's ACL with the canned "private" ACL.
  aws s3api put-bucket-acl \
    --bucket your-bucket-name \
    --acl private
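
To confirm the remediation took effect, the following added example (not part of the original rule page) inspects the JSON printed by `aws s3api get-bucket-acl` and reports any grant to a public group. It goes slightly beyond the anonymous case by also flagging the AuthenticatedUsers group; the sample ACLs and the owner ID are constructed for illustration.

```python
import json

# Predefined S3 group URIs that open an ACL grant to the public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",  # anonymous
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

def public_grants(acl_json):
    """Return sorted (group, permission) pairs granted to public groups."""
    found = set()
    for grant in json.loads(acl_json).get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and group:
            found.add((group, grant.get("Permission", "")))
    return sorted(found)

def is_private(acl_json):
    """True when the only grant is FULL_CONTROL for the bucket owner,
    which is what the `private` canned ACL produces."""
    acl = json.loads(acl_json)
    owner_id = acl.get("Owner", {}).get("ID")
    grants = acl.get("Grants", [])
    if owner_id is None or len(grants) != 1:
        return False
    grantee = grants[0].get("Grantee", {})
    return (grantee.get("Type") == "CanonicalUser"
            and grantee.get("ID") == owner_id
            and grants[0].get("Permission") == "FULL_CONTROL")

# Constructed sample data in the shape of `aws s3api get-bucket-acl` output.
OWNER = {"ID": "constructed-owner-canonical-id"}
OWNER_GRANT = {"Grantee": dict(OWNER, Type="CanonicalUser"), "Permission": "FULL_CONTROL"}
PUBLIC_ACL = json.dumps({"Owner": OWNER, "Grants": [
    OWNER_GRANT,
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "FULL_CONTROL"},
]})
PRIVATE_ACL = json.dumps({"Owner": OWNER, "Grants": [OWNER_GRANT]})

if __name__ == "__main__":
    for name, acl in (("before", PUBLIC_ACL), ("after", PRIVATE_ACL)):
        print(name, "public grants:", public_grants(acl), "private:", is_private(acl))
```
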