Data at risk

S3 Bucket Policy allows cross account access via AWS service

Risk Level

Hazardous (3)



Orca has detected a misconfigured policy on the S3 bucket ({AwsS3Bucket}) that allows the service {AwsS3Bucket.BucketPolicy.PolicyStatements.Principal|[Service]} to access the files in the bucket. Anyone who uses that service, including external users, can access the internal bucket files through the above principal.
  • Recommended Mitigation

    Add a condition to the bucket's policy to prevent unauthorized access to the bucket.
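
One way to check a bucket policy for this pattern, shown as an added example (not Orca's detection logic and not code from this page). It flags Allow statements that name a service principal without any of the AWS global condition keys `aws:SourceArn`, `aws:SourceAccount`, `aws:SourceOrgID` or `aws:SourceOrgPaths`; the bucket name, account ID and trail ARN in the two sample policies are constructed placeholders.

```python
import json

# AWS global condition keys that tie a service principal's request to the
# resource, account or organization it acts for (compared case-insensitively).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount",
                "aws:sourceorgid", "aws:sourceorgpaths"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unscoped_service_statements(policy_json):
    """Return (sid, services) for each Allow statement that grants a service
    principal access without a source-scoping condition key."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or "Service" not in principal:
            continue
        # Condition has the shape {operator: {key: value}}.
        # Presence check only: the condition's operator and value still need review.
        keys = {k.lower() for block in stmt.get("Condition", {}).values() for k in block}
        if not keys & SCOPING_KEYS:
            sid = stmt.get("Sid", f"statement[{i}]")
            findings.append((sid, _as_list(principal["Service"])))
    return findings

# Constructed sample: service principal allowed with no condition.
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCloudTrailWrite", "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/AWSLogs/111122223333/*"}]})

# Constructed sample: same statement, restricted to one trail in the owner's account.
FIXED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCloudTrailWrite", "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/AWSLogs/111122223333/*",
    "Condition": {"StringEquals": {"aws:SourceArn":
        "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-trail"}}}]})

if __name__ == "__main__":
    print("weak :", unscoped_service_statements(WEAK))
    print("fixed:", unscoped_service_statements(FIXED))
```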