Data at risk

S3 Bucket is Accessible to Unmonitored Accounts

Risk Level

Hazardous (3)

Compliance Frameworks


{AwsS3Bucket} has a bucket policy that allows external AWS accounts to access it. This means that a malicious actor could also connect to the bucket and gain access to its contents.
  • Recommended Mitigation

    Rewrite S3 bucket policies to only allow access to the accounts/applications/services that really need it.

Remediation

1. Sign in to the AWS Management Console and open the **S3 console**.
2. Select the desired S3 bucket by clicking on its name.
3. Under the **Permissions** tab, go to **Bucket policy** and choose **Edit**.
4. Edit the policy's **Principal** block to allow only recognized accounts/applications/services.
5. Choose **Save changes**.
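As an added example (not part of this rule page or of any vendor tooling), the Python below contrasts a constructed bucket policy whose Principal is the wildcard "*" with the corrected version that names only recognized accounts, and includes a small check that flags Allow-statement principals outside a set of known account IDs. The bucket name, account IDs and role name are placeholders.

```python
import json
from typing import List, Optional, Set

# Constructed sample: the bucket owner's account plus one external account
# that is known and monitored (placeholder IDs, not real accounts).
KNOWN_ACCOUNTS: Set[str] = {"111111111111", "222222222222"}

# Weak policy (constructed): Principal "*" lets any AWS account list and read.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyAccountRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

# Hardened policy (constructed): the Principal block names only recognized principals.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowKnownAccountsRead",
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                              "arn:aws:iam::222222222222:role/etl-reader"]},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})


def account_id_of(principal: str) -> Optional[str]:
    """Return the 12-digit account ID in an AWS principal string; None for a wildcard."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")  # arn:partition:service:region:account-id:resource
    if len(parts) >= 6 and parts[0] == "arn":
        return parts[4] or None
    return None  # "*" or anything unparseable is treated as not a known account


def external_principals(policy_json: str, known_accounts: Set[str]) -> List[str]:
    """List Allow-statement AWS principals not owned by a known account ('*' counts)."""
    findings: List[str] = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        entries = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in [entries] if isinstance(entries, str) else entries:
            if account_id_of(p) not in known_accounts:
                findings.append(p)
    return findings
```

Running `external_principals` over the two policies flags `"*"` for the weak one and nothing for the corrected one; in practice the known-account set would come from the organization's own inventory rather than a hard-coded list.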