Data protection

S3 bucket policy grants public access on all actions

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

A bucket policy governs access permissions on AWS S3 resources. This policy checks whether the S3 bucket has a bucket policy with "Effect":"Allow", "Principal":"*" and "Action":"*". Such a policy allows anyone to access the bucket, and if proper conditions are not added it could be exposed to the Internet. It was detected that the S3 bucket {AwsS3Bucket} grants public access on all actions. It is a best practice to grant limited access to specific authenticated users.
  • Recommended Mitigation

    It is recommended to edit the bucket policy to grant access only to specific authenticated users.
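
An added example, not part of the original rule text or the product's own check logic: a Python sketch of the check described above, run over a constructed weak policy and a corrected one. It also treats `s3:*` and `"Principal": {"AWS": "*"}` as wildcards, which goes beyond the literal match in the description; the bucket name, account ID and role name are constructed placeholders.

```python
import json

def _as_list(value):
    """Policy JSON allows a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match anyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def find_public_all_action_statements(policy_json):
    """Return (sid, has_condition) for every Allow statement that is
    open to any principal on all actions."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = [str(a).lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("*", "s3:*") for a in actions):
            continue
        # A Condition may narrow the grant, so report it for manual review.
        sid = stmt.get("Sid", f"statement[{index}]")
        findings.append((sid, "Condition" in stmt))
    return findings

# Constructed sample: the pattern this rule flags.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenToAll", "Effect": "Allow", "Principal": "*",
    "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]})

# Constructed sample: access limited to one authenticated principal.
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ReaderOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-reader"},
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print("weak :", find_public_all_action_statements(WEAK_POLICY))
    print("fixed:", find_public_all_action_statements(FIXED_POLICY))
```

A finding with `has_condition` set to `True` still needs review, since the condition may or may not restrict access enough.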