Data at risk

S3 Bucket Allows Authenticated WRITE_ACP Access

Risk Level

Hazardous (3)

Ensure that your S3 buckets do not allow authenticated AWS accounts or IAM users to modify access control permissions, so that your S3 data is protected from unauthorized access. An S3 bucket that grants WRITE_ACP access to the AWS authenticated users group lets any AWS account holder edit the bucket's permissions and thereby grant themselves full access to the resource. Allowing this type of access is dangerous and can lead to data loss or unexpected charges.
  • Recommended Mitigation

    Change the {AwsS3Bucket} bucket policy to block authenticated WRITE_ACP access
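As an added example (not the scanner's own code), the check below inspects a bucket ACL in the shape boto3's get_bucket_acl() returns and reports grants that let a public group change the ACL; the ACL document is constructed inline, and the check goes slightly beyond the finding above by also flagging the AllUsers group and FULL_CONTROL, which imply the same exposure.

```python
"""Detect and strip WRITE_ACP-class grants to AWS-wide groups in an S3 bucket ACL.
Added example; the ACL below is constructed in the shape returned by
boto3's s3.get_bucket_acl(Bucket=...) and no AWS call is made."""

AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# FULL_CONTROL includes WRITE_ACP, so it is the same exposure.
ACP_WRITE_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def _is_risky(grant, group_uris):
    grantee = grant.get("Grantee", {})
    return (grantee.get("Type") == "Group"
            and grantee.get("URI") in group_uris
            and grant.get("Permission") in ACP_WRITE_PERMISSIONS)


def risky_acp_grants(acl, group_uris=(AUTHENTICATED_USERS, ALL_USERS)):
    """Return (group URI, permission) for every grant that lets a public group edit the ACL."""
    return [(g["Grantee"]["URI"], g["Permission"])
            for g in acl.get("Grants", []) if _is_risky(g, group_uris)]


def remediated_acl(acl, group_uris=(AUTHENTICATED_USERS, ALL_USERS)):
    """Return a copy of the ACL with the offending grants removed; the owner's
    own grant and unrelated grants are kept as they were."""
    kept = [g for g in acl.get("Grants", []) if not _is_risky(g, group_uris)]
    return {**acl, "Grants": kept}


# Constructed sample: the owner keeps FULL_CONTROL, AuthenticatedUsers has WRITE_ACP.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "WRITE_ACP"},
    ],
}

if __name__ == "__main__":
    for uri, perm in risky_acp_grants(SAMPLE_ACL):
        print(f"FINDING: {perm} granted to {uri}")
    print("after remediation:", risky_acp_grants(remediated_acl(SAMPLE_ACL)))
```

The cleaned document from remediated_acl() is what you would pass back as AccessControlPolicy to put_bucket_acl(); the same check applies to every bucket in an account when looped over list_buckets().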