Data at risk

S3 Bucket Allows Public Access via Bucket Policies

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Ensure that your S3 buckets are not publicly accessible via bucket policies in order to protect against unauthorized access. Allowing unrestricted access through bucket policies gives everyone the ability to list the objects within the bucket (ListBucket), download objects (GetObject), upload/delete objects (PutObject, DeleteObject), view objects permissions (GetBucketAcl), edit objects permissions (PutBucketAcl) and more.

  • Recommended Mitigation

    Set the bucket's policy to provide access to known parties only.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.