
S3 bucket is publicly accessible (via policy)

s3

Classification:

compliance


Description

Update your bucket policy as your Amazon S3 bucket is currently publicly accessible.

Rationale

An S3 bucket that is publicly accessible through its bucket policy gives any AWS user the ability to list, download, delete, and upload objects and to edit object permissions.

Remediation

Console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.

CLI

  1. To remove the existing public bucket policy, run delete-bucket-policy with your bucket name.

delete-bucket-policy.sh

  aws s3api delete-bucket-policy \
    --bucket your-bucket-name

  2. Create a new non-public bucket policy using the AWS Policy Generator.