
S3 bucket is not publicly accessible for write actions by anonymous users

s3

Classification:

compliance


Description

Modify your access control permissions to remove public WRITE access.

Rationale

Public WRITE access gives unauthorized users the ability to add, replace, and delete objects within a bucket. Attackers can use these abilities to access your data or incur charges on your AWS bill.

Remediation

Console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.

CLI

  1. Run put-bucket-acl with your S3 bucket name and the ACL set to private.

put-bucket-acl.sh

  aws s3api put-bucket-acl \
    --bucket your-bucket-name \
    --acl private
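As an added example that is not part of this rule page, the check below parses the JSON that `aws s3api get-bucket-acl` returns and reports every grant that gives a public group write access, then prints the put-bucket-acl remediation from the CLI step above. It goes slightly beyond the rule's anonymous-users scope by also flagging the AuthenticatedUsers group (any AWS account); the sample ACL and owner ID are constructed.

```python
import json

# S3 predefined group URIs (real AWS values). A grant to either is effectively public:
# AllUsers is anyone, including anonymous callers; AuthenticatedUsers is any AWS account.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}
# ACL permissions that let the grantee add, replace or delete objects.
WRITE_PERMISSIONS = {"WRITE", "FULL_CONTROL"}


def public_write_grants(acl):
    """Return (group URI, permission) for every grant in a get-bucket-acl
    response that gives a public group write access to the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user and e-mail grants name a specific principal
        if grantee.get("URI") in PUBLIC_GROUPS and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append((grantee["URI"], grant["Permission"]))
    return findings


def remediation_command(bucket):
    """The put-bucket-acl command from this rule's CLI remediation."""
    return f"aws s3api put-bucket-acl --bucket {bucket} --acl private"


# Constructed sample (not real CLI output): the owner keeps FULL_CONTROL and
# AllUsers was granted WRITE and READ. The owner ID is a placeholder.
OPEN_ACL = json.loads("""{
  "Owner": {"ID": "EXAMPLE_OWNER_CANONICAL_ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE_OWNER_CANONICAL_ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "WRITE"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}
  ]
}""")
# The same bucket after `put-bucket-acl --acl private`: only the owner grant remains.
PRIVATE_ACL = {"Owner": OPEN_ACL["Owner"], "Grants": [OPEN_ACL["Grants"][0]]}

if __name__ == "__main__":
    for uri, perm in public_write_grants(OPEN_ACL):
        print(f"public write grant: {perm} to {uri}")
    print(remediation_command("your-bucket-name"))
```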