Data protection

S3 bucket policy allows any action from all principals

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

A bucket policy governs the access permissions on AWS S3 resources. This policy checks whether the S3 bucket is configured with a bucket policy that has "Effect":"Allow" and "Principal":"*" together with any combination of allowed actions. Such a policy lets anyone access the bucket, and if proper conditions are not added the bucket could be exposed to the Internet. It was detected that the S3 bucket {AwsS3Bucket} allows any action from all principals. It is a best practice to grant limited access to specific authenticated users.
Recommended Mitigation

It is recommended to edit the bucket policy to grant access only to specific authenticated users.
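The check described above can be reproduced offline against an exported bucket policy. The following is an added example, not the product's own detection logic: it lists every Allow statement with a wildcard principal and notes whether a Condition narrows it, then runs over a flagged policy and a corrected one. It also treats `{"AWS": "*"}` as equivalent to `"*"`, which goes beyond the literal pattern in the description; the bucket name, account ID, role name and function names are constructed placeholders.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def find_open_statements(policy_json):
    """List Allow statements whose principal is a wildcard."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_everyone(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", f"Statement[{index}]"),
            "actions": _as_list(stmt.get("Action", [])),
            # A Condition narrows who matches; without one the grant is public.
            "unconditioned": not stmt.get("Condition"),
        })
    return findings

# Constructed sample policies (bucket name, account ID and role are placeholders).
FLAGGED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenAll", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OpenReadFromRange", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})
CORRECTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app-role"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    for name, doc in (("flagged", FLAGGED_POLICY), ("corrected", CORRECTED_POLICY)):
        print(name, find_open_statements(doc))
```

Statements reported with `unconditioned` set to true are the ones to fix first; the Deny statement with a wildcard principal is not reported because it restricts access rather than granting it.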