
S3 bucket cannot be publicly listed

s3

Classification:

compliance


Description

Ensure that the S3 bucket's access control list (ACL) does not grant READ (list) access to everyone, which makes the bucket's object keys publicly listable.

Rationale

Granting READ on a bucket to the AllUsers group (or to AuthenticatedUsers, which is any AWS account, not just yours) lets anyone list the object keys in the bucket. The key names alone can leak file names, paths, and naming patterns, and an attacker can use the listing to locate and fetch objects that are themselves readable, which can lead to unfettered access to your data.

Remediation

Console

Follow the Blocking public access to your Amazon S3 storage docs to turn on Block Public Access for the bucket, which makes S3 ignore public ACLs on existing buckets and objects and reject new ones. To remove the public grant from the ACL itself, edit the ACL under the bucket's Permissions tab.

Note: By default, new buckets, access points, and objects don’t allow public access.

CLI

  1. Run put-bucket-acl with your S3 bucket name and set the ACL of the bucket to private. This replaces the whole ACL, so any non-public grants (for example the LogDelivery group used by server access logging) are removed as well; if you need to keep them, pass the full policy with --access-control-policy instead. If the bucket's Object Ownership setting is BucketOwnerEnforced, ACLs are disabled and this call is rejected with AccessControlListNotSupported; a bucket in that state cannot be listable through its ACL, so check the bucket policy and Block Public Access settings instead.

    put-bucket-acl.sh

    	# Replace the bucket ACL with the canned "private" ACL (owner gets FULL_CONTROL, nothing else)
    	aws s3api put-bucket-acl \
    		--bucket webapp-data-repository \
    		--acl private
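The following is an added example, not code from the rule page or from Datadog, showing how the detection and remediation described above look when automated: it inspects an ACL document in the shape returned by `aws s3api get-bucket-acl`, reports grants that make the bucket publicly listable, builds a policy with the public-group grants stripped but every other grant kept, and emits the `put-bucket-acl` and `put-public-access-block` commands to run. The ACL JSON is a constructed sample (the owner ID and bucket name `webapp-data-repository` are placeholders), so it runs offline; in practice you would feed it the live output of `get-bucket-acl`.

```python
import json
import shlex

# ACL grantee groups that make a grant effectively public:
# AllUsers is anyone on the internet; AuthenticatedUsers is any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Bucket-level permissions that include listing the bucket (s3:ListBucket).
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}

# Constructed sample in the shape `aws s3api get-bucket-acl` returns.
# The canonical user ID is a placeholder; the LogDelivery grant is a typical
# non-public grant that a blanket `--acl private` would silently remove.
SAMPLE_ACL_JSON = """
{
  "Owner": {"DisplayName": "webapp-owner",
            "ID": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser",
                 "ID": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"}
  ]
}
"""
SAMPLE_ACL = json.loads(SAMPLE_ACL_JSON)


def is_public_grantee(grantee):
    """True for a grant to AllUsers or AuthenticatedUsers."""
    return grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS


def public_listing_grants(acl):
    """Grants that let anyone list the bucket: a public group holding READ or FULL_CONTROL."""
    return [g for g in acl.get("Grants", [])
            if is_public_grantee(g.get("Grantee", {}))
            and g.get("Permission") in LISTING_PERMISSIONS]


def strip_public_grants(acl):
    """AccessControlPolicy with every public-group grant removed and all other grants kept."""
    kept = [g for g in acl.get("Grants", []) if not is_public_grantee(g.get("Grantee", {}))]
    return {"Owner": acl["Owner"], "Grants": kept}


def remediation_commands(bucket, acl, policy_file="acl.json"):
    """AWS CLI commands to run for a bucket whose ACL has public-group grants.

    Returns an empty list when there is nothing public to remove. policy_file is
    where the caller saves the output of strip_public_grants() (assumed name).
    """
    if not any(is_public_grantee(g.get("Grantee", {})) for g in acl.get("Grants", [])):
        return []
    b = shlex.quote(bucket)
    return [
        # Replace the ACL with the stripped policy rather than `--acl private`, so
        # non-public grants such as LogDelivery survive.
        f"aws s3api put-bucket-acl --bucket {b} --access-control-policy file://{policy_file}",
        # Then make S3 ignore any public ACL on this bucket and reject new ones.
        f"aws s3api put-public-access-block --bucket {b} "
        "--public-access-block-configuration "
        "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true",
    ]


if __name__ == "__main__":
    for g in public_listing_grants(SAMPLE_ACL):
        print(f"public listing grant: {g['Grantee']['URI']} -> {g['Permission']}")
    fixed = strip_public_grants(SAMPLE_ACL)
    print("save this as acl.json:")
    print(json.dumps(fixed, indent=2))
    print("\n".join(remediation_commands("webapp-data-repository", SAMPLE_ACL)))
```

The check only flags READ and FULL_CONTROL because those are the bucket permissions that include listing; the stripper removes every public-group grant regardless of permission, since a public WRITE or READ_ACP grant is a separate finding you would not want to leave behind. Run `get-bucket-acl` again after `put-bucket-acl` and confirm `public_listing_grants` returns nothing before closing the finding.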