IAM misconfigurations

Internet-Facing Ec2 Instance Has Full Access to S3

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full access to your S3 resources. Instance Profiles with the AmazonS3FullAccess policy attached grant unrestricted access (Action: 's3:*') to S3 resources on the account (Resource: '*'). In the event that the asset is compromised, this will grant the attacker full access to any data stored on your S3 resources.

  • Recommended Mitigation

    Detach the 'AmazonS3FullAccess' policy from the instance's Instance Profile ({AwsEc2Instance.InstanceProfile}). When writing policies, make sure to adhere to the 'Least Privilege' principal, as described here: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.