Data at risk

S3 Bucket Allows Authenticated FULL_CONTROL Access

Risk Level

Hazardous (3)



Ensure that your S3 buckets are not granting FULL_CONTROL access to authenticated accounts or IAM users in order to prevent unauthorized access. An S3 bucket that allows full control access to authenticated users gives any AWS account or IAM user the ability to list, upload and delete objects, and to view and edit permissions for the objects within the bucket.

Recommended Mitigation

Change the {AwsS3Bucket} bucket policy to block authenticated FULL_CONTROL access
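
The check behind this finding, as an added example that is not part of the original rule text: it inspects a bucket ACL for a FULL_CONTROL grant to the predefined AuthenticatedUsers group and builds a replacement ACL without it. It assumes input shaped like the S3 GetBucketAcl response; the function names and the sample ACL are constructed for illustration.

```python
import copy

# Predefined Amazon S3 group that matches any authenticated AWS principal.
AUTHENTICATED_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def is_authenticated_full_control(grant):
    """True if a grant gives FULL_CONTROL to the AuthenticatedUsers group."""
    grantee = grant.get("Grantee", {})
    return (
        grantee.get("Type") == "Group"
        and grantee.get("URI") == AUTHENTICATED_USERS_URI
        and grant.get("Permission") == "FULL_CONTROL"
    )


def audit_acl(acl):
    """Return the offending grants from a GetBucketAcl-shaped response."""
    return [g for g in acl.get("Grants", []) if is_authenticated_full_control(g)]


def remediated_policy(acl):
    """Build an AccessControlPolicy with only the offending grants removed.

    Every other grant (including the owner's) is kept unchanged, so the
    result has the shape PutBucketAcl accepts as AccessControlPolicy.
    """
    kept = [copy.deepcopy(g) for g in acl.get("Grants", [])
            if not is_authenticated_full_control(g)]
    return {"Owner": copy.deepcopy(acl.get("Owner", {})), "Grants": kept}


# Constructed sample response (not taken from a real bucket).
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS_URI},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS_URI},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print("offending grants:", audit_acl(SAMPLE_ACL))
    print("remediated policy:", remediated_policy(SAMPLE_ACL))
```

The READ grant to the same group is left in place because this rule covers FULL_CONTROL only.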