Data at risk

S3 Bucket Allows Authenticated WRITE_ACP Access

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Ensure that your S3 buckets do not allow authenticated AWS accounts or IAM users to modify access control permissions to protect your S3 data from unauthorized access. An S3 bucket that allows WRITE_ACP access to AWS authenticated users can give these the capability to edit permissions and gain full access to the resource. Allowing this type of access is dangerous and can lead to data loss or unexpected charges

  • Recommended Mitigation

    Change the {AwsS3Bucket} bucket policy to block authenticated WRITE_ACP access

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.