Data at risk

S3 Bucket Allows Public GET

Risk Level

Hazardous (3)

Compliance Frameworks


Orca has detected that your S3 bucket '{AwsS3Bucket}' can be publicly accessed for GET actions. An S3 bucket that grants GET (read) access to everyone allows anonymous users to read the objects within the bucket.
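One way to check a bucket policy document for the condition this alert describes, as an added example (not Orca's detection logic and not code from this page). The function names and the sample policy are constructed for illustration; a statement carrying a Condition is reported separately because the condition may narrow who can actually read.

```python
import re

def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action="s3:GetObject"):
    """IAM action patterns are case-insensitive; '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def _is_anonymous(principal):
    """True for Principal "*" and for {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def public_get_statements(policy):
    """Return (Sid, has_condition) for each Allow statement that grants
    s3:GetObject to everyone. NotAction/NotPrincipal are not evaluated."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if any(_action_matches(a) for a in _as_list(stmt.get("Action"))):
            findings.append((stmt.get("Sid"), "Condition" in stmt))
    return findings

# Constructed sample policy; bucket name, account ID and VPC endpoint ID are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpceRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Get*", "s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    {"Sid": "AccountOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

if __name__ == "__main__":
    for sid, conditional in public_get_statements(SAMPLE_POLICY):
        print(sid, "conditional" if conditional else "unconditional public GET")
```
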
Recommended Mitigation

To protect your S3 data from unauthorized users, it is recommended to prevent public GET actions on your S3 bucket '{AwsS3Bucket}'. This can be done by removing 's3:GetObject' from the bucket's policy or by setting the bucket's permissions to block public access. To edit the bucket's public access permissions, follow the instructions at: