S3 bucket is not publicly accessible

s3

Description

Update your AWS S3 bucket ACL to remove public READ access.

Rationale

Granting public READ allows anyone to list the objects in a bucket. Note that it does not, by itself, allow reading the actual bucket objects.

Remediation

From the console

Follow the Blocking public access to your Amazon S3 storage docs to learn how to manage access control lists for existing S3 buckets.

Note: By default, new buckets, access points, and objects don’t allow public access.

From the command line

  1. Run put-bucket-acl with your S3 bucket name and set the ACL of the bucket to private (the backslashes continue the command across lines):
     aws s3api put-bucket-acl \
         --bucket webapp-data-repository \
         --acl private
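The check behind this rule, written out as an added example (not part of the original rule page): it walks the dict shape returned by boto3's s3.get_bucket_acl() and flags grants that make a bucket publicly listable. The sample ACL is constructed so the script runs offline; the live boto3 wiring at the bottom is an assumption and is not executed.

```python
"""Flag S3 bucket ACL grants that make a bucket publicly listable.

Added example, not part of the original rule page. Operates on the dict
shape returned by boto3's s3.get_bucket_acl(); the sample ACL below is
constructed for the demo so the script runs offline.
"""
from typing import Dict, List

# Grantee URIs of the two predefined groups that make a grant "public".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anyone)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}

# READ on a bucket ACL permits ListObjects; FULL_CONTROL includes READ.
# READ_ACP / WRITE_ACP / WRITE grants are outside this rule's scope.
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}


def public_read_grants(acl: Dict) -> List[str]:
    """Return one finding string per grant that allows public bucket listing."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        perm = grant.get("Permission")
        if grantee.get("Type") != "Group":
            continue  # canonical users and e-mail grantees are not "public"
        who = PUBLIC_GROUP_URIS.get(grantee.get("URI", ""))
        if who and perm in LISTING_PERMISSIONS:
            findings.append(f"{perm} granted to {who}: bucket listing is public")
    return findings


# Constructed sample: get_bucket_acl() output for a misconfigured bucket.
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for finding in public_read_grants(SAMPLE_ACL):
        print(finding)
    # Live usage (assumed; needs boto3 and credentials, not run here):
    # s3 = boto3.client("s3")
    # if public_read_grants(s3.get_bucket_acl(Bucket=name)):
    #     s3.put_bucket_acl(Bucket=name, ACL="private")  # same fix as the CLI step
```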