<  Back to rules search

S3 bucket is not publicly exposed via bucket policy

s3

Description

Update your bucket policy as your Amazon S3 bucket is currently publicly accessible.

Rationale

Publicly accessible S3 buckets through bucket policies give any AWS user the ability to list, download, delete, and upload objects and edit object permissions.

Remediation

From the console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.

From the command line

  1. Run the delete-bucket-policy command to fully remove any public access to the bucket.

    aws s3api delete-bucket-policy \
      --bucket insert-bucket-name-here
    
  2. If you need a bucket policy, create a new non-public bucket policy using the AWS Policy Generator.

  3. Apply the bucket policy from Step 2 with the put-bucket-policy command.

    aws s3api put-bucket-policy
      --bucket insert-bucket-name-here
      --policy file://insert-bucket-policy-file-name-here.json