AWS-S3-S3-Bucket-All-Users-Policy

Severity: High

Description: This control checks whether the bucket policy grants read or write access to Everyone (the wildcard "*" principal). Allowing unrestricted access increases the opportunities for data loss. An S3 bucket whose bucket policy allows any user to read, upload, modify or delete its contents can result in data loss and unexpected charges for the S3 service.

Remediation Steps:

Perform the following steps to update the S3 bucket access policy:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the S3 console.

  3. In the navigation pane, select Buckets.

  4. Click the bucket to be modified, then click Permissions.

  5. In the Permissions pane, navigate to the Bucket Policy section.

  6. In the bucket policy editor, update the value of Principal by removing the wildcard "*", which represents open access, and configuring the appropriate account ARN(s) or canonical user ID(s).

  7. Save the bucket policy.
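As an added example (not part of this control text or of any Blue Hexagon tooling), the following Python script shows the open bucket policy this control flags next to a corrected policy, and implements the check itself: it parses a policy document and reports any Allow statement whose Principal includes the wildcard "*". The bucket name, account ID and role ARN are placeholders.

```python
import json

# Constructed sample policies: the open one is what this control flags,
# the fixed one names a placeholder account role instead of the "*" wildcard.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadWrite",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AccountScopedReadWrite",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-role"},  # placeholder
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

def _principals(principal):
    # Flatten Principal ("*", {"AWS": "*"}, {"AWS": [...]}) into a list of strings.
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        out = []
        for value in principal.values():
            out.extend(value if isinstance(value, list) else [value])
        return out
    return []

def open_statements(policy_json):
    # Return the Sids of Allow statements whose Principal includes the "*" wildcard.
    # A statement with a Condition block is still reported: the condition may
    # narrow access, but it deserves review rather than silent acceptance.
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    flagged = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and "*" in _principals(stmt.get("Principal", {})):
            flagged.append(stmt.get("Sid", f"statement-{index}"))
    return flagged
```

Running open_statements(OPEN_POLICY) returns ['PublicReadWrite'], while the corrected policy returns an empty list.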

Important:

Reference:

Blue Hexagon Proprietary