Rewrite S3 bucket policies to only allow access to the accounts/applications/services that really need it.

## Remediation

---

>1. Sign in to the AWS Management Console and open the **[S3 console](https://console.aws.amazon.com/s3)**.
>2. Select the desired S3 bucket by clicking on its name.
>3. Under the **Permissions** tab, go to **Bucket policy** and choose **Edit**.
>4. Edit the policy's **Principal** block to allow only recognized accounts/applications/services.
>5. Choose **Save changes**.
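
To check a policy before saving it in step 5, the following added example (not part of the original page) parses a bucket policy document and lists every `Allow` statement whose **Principal** falls outside an allowlist. The allowlists, account IDs, bucket name and function names are assumptions constructed for illustration.

```python
import json
import re
# Constructed allowlists for this example; substitute the principals you recognize.
TRUSTED_ACCOUNTS = {"111111111111"}
TRUSTED_SERVICES = {"cloudtrail.amazonaws.com"}
ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _recognized(kind, value):
    if kind == "Service":
        return value in TRUSTED_SERVICES
    if kind == "AWS":
        if re.fullmatch(r"\d{12}", value):  # bare account ID form
            return value in TRUSTED_ACCOUNTS
        m = ARN_ACCOUNT.match(value)  # IAM/STS ARN form; "*" never matches
        return bool(m) and m.group(1) in TRUSTED_ACCOUNTS
    return False  # Federated, CanonicalUser, etc.: report for manual review

def unrecognized_principals(policy_json):
    """Return sorted (Sid, principal) pairs from Allow statements whose principal
    is off the allowlists. Condition blocks are not evaluated (review those by hand)."""
    findings = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotPrincipal" in stmt:  # allows everyone except the listed principals
            findings.add((sid, "NotPrincipal"))
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for value in _as_list(values):
                if not _recognized(kind, value):
                    findings.add((sid, f"{kind}:{value}"))
    return sorted(findings)

# Constructed sample policy; bucket name and account IDs are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AppRole", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*", "Principal": {"AWS": [
         "arn:aws:iam::111111111111:role/app", "arn:aws:iam::222222222222:root"]}},
    {"Sid": "Trail", "Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Principal": {"Service": "cloudtrail.amazonaws.com"}}]})
```

Calling `unrecognized_principals(SAMPLE_POLICY)` reports the wildcard in `PublicRead` and the second account in `AppRole`; an empty result means every `Allow` principal is on the allowlists.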