Ensure that your S3 buckets do not allow authenticated AWS accounts or IAM users to modify access control permissions, so that your S3 data is protected from unauthorized access. An S3 bucket that allows WRITE_ACP access to AWS authenticated users can give them the capability to edit permissions and gain full access to the resource. Allowing this type of access is dangerous and can lead to data loss or unexpected charges.
Recommended Mitigation
Change the {AwsS3Bucket} bucket policy to block authenticated WRITE_ACP access
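
One way to check for this grant and compute the corrected grant list, as an added example that is not part of the original finding. It works on the bucket's access control list (ACL), where WRITE_ACP grants are recorded, using dictionaries in the shape returned by boto3's `get_bucket_acl`. It also flags FULL_CONTROL, which includes WRITE_ACP. The function names, sample ACL and owner ID are constructed for illustration.

```python
# Added example: audit an S3 ACL for WRITE_ACP granted to authenticated users.
# Input dicts follow the shape returned by boto3's s3.get_bucket_acl().

AUTH_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# FULL_CONTROL includes WRITE_ACP, so it is flagged as well.
ACP_WRITE_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def is_risky_grant(grant):
    """True if the grant lets any authenticated AWS principal rewrite the ACL."""
    grantee = grant.get("Grantee", {})
    return (
        grantee.get("Type") == "Group"
        and grantee.get("URI") == AUTH_USERS_URI
        and grant.get("Permission") in ACP_WRITE_PERMISSIONS
    )


def find_risky_grants(acl):
    return [g for g in acl.get("Grants", []) if is_risky_grant(g)]


def remediated_policy(acl):
    """Return an AccessControlPolicy with the risky grants removed.

    The result has the shape s3.put_bucket_acl(AccessControlPolicy=...) expects.
    """
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", []) if not is_risky_grant(g)],
    }


# Constructed sample ACL (owner ID is a placeholder, not a real canonical ID).
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS_URI},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS_URI},
         "Permission": "WRITE_ACP"},
    ],
}

if __name__ == "__main__":
    for g in find_risky_grants(SAMPLE_ACL):
        print("risky grant:", g["Permission"], "->", g["Grantee"]["URI"])
    print("grants kept:", len(remediated_policy(SAMPLE_ACL)["Grants"]))
```

The owner's own FULL_CONTROL grant is kept because it is a CanonicalUser grant, not a grant to the authenticated-users group.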