Ensure that your S3 buckets are not granting FULL_CONTROL access to authenticated accounts or IAM users in order to prevent unauthorized access. An S3 bucket that allows full control access to authenticated users will give any AWS account or IAM user the ability to list, upload and delete objects, view and edit permissions for the objects within the bucket
Recommended Mitigation
Change the {AwsS3Bucket} bucket policy to block authenticated FULL_CONTROL access