Data at risk

S3 Bucket Allows Public READ_ACP Access

Risk Level

Hazardous (3)



Ensure that the permission details of your S3 buckets' content cannot be viewed by anonymous users, in order to protect against unauthorized access. An S3 bucket that grants READ_ACP (view permissions) access to everyone can allow unauthorized users to look up the objects' ACL (Access Control List) permissions.
  • Recommended Mitigation

    Change the {AwsS3Bucket} bucket policy to block public READ_ACP access
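The check described above can be expressed as a small audit function. This is an added example, not part of the original rule text: it assumes the ACL is a dictionary shaped like an S3 GetBucketAcl response, and the function names and sample ACL are constructed for illustration.

```python
# Added example: find grants that give everyone READ_ACP on a bucket ACL.
# Input is assumed to follow the S3 GetBucketAcl response shape
# ({"Owner": ..., "Grants": [{"Grantee": ..., "Permission": ...}]}).

# Predefined S3 group that represents everyone, including anonymous users.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"

# FULL_CONTROL includes READ_ACP, so it exposes the ACL as well.
ACL_READING_PERMISSIONS = {"READ_ACP", "FULL_CONTROL"}


def public_read_acp_grants(acl):
    """Return the grants that let everyone view the ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        is_everyone = (grantee.get("Type") == "Group"
                       and grantee.get("URI") == ALL_USERS_URI)
        if is_everyone and grant.get("Permission") in ACL_READING_PERMISSIONS:
            findings.append(grant)
    return findings


def without_public_read_acp(acl):
    """Return a copy of the ACL with the flagged grants removed."""
    flagged = public_read_acp_grants(acl)
    kept = [g for g in acl.get("Grants", []) if g not in flagged]
    return {"Owner": acl.get("Owner"), "Grants": kept}


# Constructed sample ACL (not taken from a real bucket).
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},   # owner grant: not public
        {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI},
         "Permission": "READ"},           # public READ: a different finding
        {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI},
         "Permission": "READ_ACP"},       # public READ_ACP: this finding
    ],
}

if __name__ == "__main__":
    for g in public_read_acp_grants(SAMPLE_ACL):
        print("public ACL-read grant:", g["Permission"], g["Grantee"]["URI"])
    print("grants kept:", len(without_public_read_acp(SAMPLE_ACL)["Grants"]))
```

The owner's FULL_CONTROL grant and the public READ grant are left in place; only grants that let everyone read the ACL are reported.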