<  Back to rules search

S3 bucket content permissions cannot be viewed by anonymous users

s3

Classification:

compliance

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Modify your access control permissions to remove public READ_ACP access.

Rationale

Public READ_ACP access gives any user on the internet the READ Access Control List (ACL) permission. With this permission, anonymous users can see who controls your objects, and this information can be used to find misconfigured permissions and gain access to your S3 data.

Remediation

Console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.

CLI

  1. Run put-bucket-acl with your S3 bucket name and the ACL set to private.

put-bucket-acl.sh

  aws s3api get-bucket-acl
    --bucket your-bucket-name
    --acl private