Internet Facing EC2 Instance with Broad S3 Access

Data protection

Internet Facing EC2 Instance with Broad S3 Access

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO 27701
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have broad access to S3 via its Instance Profile ({AwsEc2Instance.InstanceProfile}). Access is considered too broad if the instance is given permissions to all S3 Actions (s3:*) or all S3 Resources (arn:aws:s3:::*).

Recommended Mitigation

Limit the instance's access to S3 by granting it specific action permissions and defining the specific resources it should have access to. This can be achieved by revising the instance's IAM Instance Profile - {AwsEc2Instance.InstanceProfile}.

Internet Facing EC2 Instance with Broad S3 Access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS