Data at risk

S3 Bucket Allows Authenticated READ Access

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • GDPR
  • HITRUST
  • ISO 27001:2022
  • ISO 27002:2022
  • MITRE ATT&CK
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • Orca Best Practices
  • PDPA
  • UK Cyber Essentials

Description

Ensure that the contents of your S3 buckets cannot be listed by arbitrary AWS-authenticated accounts or IAM users, in order to protect your S3 data against unauthorized access. A bucket ACL that grants READ to the AuthenticatedUsers group (http://acs.amazonaws.com/groups/global/AuthenticatedUsers) gives any principal that can sign a request with valid AWS credentials, from any AWS account and not only your own, the ability to list the objects in the bucket (s3:ListBucket). An attacker can use the object names obtained this way to find objects whose own ACLs are misconfigured and then read them. Note that READ on a bucket ACL controls listing; READ on an object ACL controls downloading the object, so a bucket-level grant alone does not expose object contents but removes the obscurity that protects weakly configured objects.
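The following is an added example, not code from the original page or from Orca. It shows the check a practitioner would run over the ACL document returned by `aws s3api get-bucket-acl` (or boto3's `get_bucket_acl`), flagging grants to the AuthenticatedUsers or AllUsers groups that permit listing, and building the owner-only ACL that remediates it. The sample ACL and the canonical user ID in it are constructed for the example; the group URIs are the real AWS values.

```python
"""Detect and remediate an S3 bucket ACL that lets AuthenticatedUsers list the bucket.

Added example (not from the original page). SAMPLE_ACL is a constructed
document in the same shape `aws s3api get-bucket-acl` returns; the
canonical user ID in it is a placeholder.
"""

# Real AWS predefined-group URIs used in bucket and object ACLs.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Bucket-ACL permissions that allow listing the bucket's objects.
# READ grants s3:ListBucket; FULL_CONTROL includes READ.
LISTING_PERMISSIONS = ("READ", "FULL_CONTROL")

# Constructed sample: a bucket whose owner has FULL_CONTROL and that also
# grants READ (list) to every AWS-authenticated principal worldwide.
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-CANONICAL-USER-ID-0000000000000000000000000000"},
    "Grants": [
        {
            "Grantee": {"Type": "CanonicalUser",
                        "ID": "EXAMPLE-CANONICAL-USER-ID-0000000000000000000000000000"},
            "Permission": "FULL_CONTROL",
        },
        {
            "Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
            "Permission": "READ",
        },
    ],
}


def risky_grants(acl, groups=(AUTHENTICATED_USERS, ALL_USERS)):
    """Return the grants that give a predefined group list access to the bucket.

    A grant is risky when the grantee is one of the global groups and the
    permission is one that implies listing. An empty list means the bucket
    passes this check.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        if grantee.get("URI") in groups and grant.get("Permission") in LISTING_PERMISSIONS:
            findings.append(grant)
    return findings


def private_acl(acl):
    """Build the owner-only ACL to hand to put-bucket-acl --access-control-policy.

    Keeps the existing owner and replaces all grants with a single
    FULL_CONTROL grant to that owner, which is what the "private" canned
    ACL expresses.
    """
    owner_id = acl["Owner"]["ID"]
    return {
        "Owner": dict(acl["Owner"]),
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": owner_id},
             "Permission": "FULL_CONTROL"}
        ],
    }


def is_compliant(acl):
    """True when no global group can list the bucket."""
    return not risky_grants(acl)


if __name__ == "__main__":
    # Offline run over the constructed sample. Against a live bucket you would
    # instead do: acl = boto3.client("s3").get_bucket_acl(Bucket=bucket_name)
    for g in risky_grants(SAMPLE_ACL):
        print(f"finding: {g['Grantee']['URI']} has {g['Permission']}")
    fixed = private_acl(SAMPLE_ACL)
    print("compliant after fix:", is_compliant(fixed))
```

If the bucket has Object Ownership set to BucketOwnerEnforced (the default for buckets created since April 2023), ACLs are disabled and this grant cannot exist; the check above is for buckets that still honour ACLs. Remember that removing the ACL grant does not revoke listing that a bucket policy may separately allow, so review the bucket policy for `s3:ListBucket` with a wildcard principal as well.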