Data at risk

S3 Bucket Policy allows cross account access

Platform(s)
Compliance Frameworks

AWS Foundational Security Best Practices Controls, Brazilian General Data Protection (LGPD), CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO 27001:2022, ISO 27002:2022, MITRE ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

Amazon S3 (Simple Storage Service) is a service that provides object storage accessible from anywhere in the world through the AWS service interface. Objects are stored in containers called buckets. We have detected that the S3 Bucket {AwsS3Bucket} contains a policy that allows cross-account access to the following AWS accounts: [{AwsS3Bucket.CrossAccountFindings}]. Unauthorized access to a bucket can lead to abuse of the S3 service, such as reading, deleting, and altering the data stored in the bucket.
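
One way to reproduce this check against a bucket policy document, as an added example (not the scanner's own code): it lists every AWS account other than the bucket owner that an Allow statement names as a principal, with the actions granted. The policy, account IDs, bucket name and the function name cross_account_findings are constructed for illustration.

```python
import json
import re

# Constructed sample policy; account IDs and bucket name are placeholders.
OWNER_ACCOUNT = "111111111111"
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/admin"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::222222222222:root", "333333333333"]},
     "Action": ["s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyOther", "Effect": "Deny",
     "Principal": {"AWS": "arn:aws:iam::444444444444:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "LogDelivery", "Effect": "Allow",
     "Principal": {"Service": "logging.s3.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/logs/*"}
  ]
}
""")

# Matches a bare 12-digit account ID or an IAM/STS ARN and captures the account ID.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def cross_account_findings(policy, owner_account):
    """Map each foreign account ID to the actions granted. Conditions are not evaluated."""
    findings = {}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" is equivalent to {"AWS": "*"}: any account, reported as "*".
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            m = ACCOUNT_RE.match(p)
            account = "*" if p == "*" else (m.group(1) if m else None)
            if account and account != owner_account:
                findings.setdefault(account, set()).update(as_list(stmt.get("Action", [])))
    return {acct: sorted(actions) for acct, actions in findings.items()}

if __name__ == "__main__":
    print(cross_account_findings(SAMPLE_POLICY, OWNER_ACCOUNT))
```

Because Condition blocks are ignored, the result is an upper bound: a statement restricted by a condition key still appears and should be reviewed by hand.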