S3 bucket should not allow all actions from all principals

Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion

Suggest Edits

Risk Level: Critical
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.CFT.IAM.02
Covered by Spectral: No
Category: Storage

GSL LOGIC

AWS_S3_BucketPolicy should not have PolicyDocument.Statement contain [ Effect='Allow' and Principal='*' and (Action contain [$ = '*'] or Action = '*' ) ]

REMEDIATION

From CFT
Modify AWS::S3::Bucket PolicyDocument property and remove policies for s3: actions for principals ''. If necessary, modify the policy instead, to limit the access to specific principals

References

https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html

Simple Storage Service (S3)

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere ï¿½ï¿½ï¿½ web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu

Compliance Frameworks

AWS CloudFormation ruleset

Updated about 1 year ago