Data protection

Internet Facing EC2 Instance with Broad S3 Access

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, STIG K8s, UK Cyber Essentials

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have broad access to S3 via its Instance Profile ({AwsEc2Instance.InstanceProfile}). Access is considered too broad if the instance is given permissions to all S3 Actions (s3:*) or all S3 Resources (arn:aws:s3:::*).
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo