AWS-IAM-Unexpected-S3-Listing-Principal

Severity : Critical

Description: This control ensures that the S3 bucket policy does not grant listing operations (s3:ListBucket, or a wildcard action that covers it) to anonymous or unrestricted principals, i.e. a Principal of "*". The ability to list an S3 bucket and get objects from it should be restricted to specific, named principals, and largely to human users rather than EC2 instance roles, since an attacker who compromises an EC2 instance holding this privilege can enumerate and exfiltrate the bucket's data.

Remediation Steps:

Perform the following to update the bucket policy of the reported S3 bucket:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to S3 console.

  3. In the navigation pane, choose buckets.

  4. From the list of buckets, select the reported bucket.

  5. In the Permission tab, Click on the Bucket Policy.

  6. In the bucket policy, replace any Principal that is a wildcard (*) with the specific AWS accounts, users, or roles that require access.

  7. Check every statement whose Action grants listing (s3:ListBucket, or a wildcard such as s3:* that covers it); none of them should retain a wildcard Principal.

  8. Replace wildcard Actions (s3:* or *) with the specific actions that are required, then save the policy.
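The following is an added example, not part of this control page and not the vendor's scanner logic. It shows the weak bucket policy this control flags beside the hardened policy that steps 6-8 produce, and a small check that evaluates a bucket policy document offline for Allow statements that grant listing or object-read actions to an open Principal. The bucket name, account ID and role name are constructed for illustration. Note that a wildcard Principal combined with a Condition block (for example aws:PrincipalOrgID or aws:SourceVpce) may not be publicly reachable; the check reports such statements with a conditioned flag so a reviewer can judge them rather than silently passing them. Bucket ACLs and Block Public Access settings are outside this control and are not evaluated here.

```python
"""Detect S3 bucket-policy statements that let anonymous or unrestricted
principals list (or read) the bucket, shown beside a hardened replacement.

Added example for this page; not the vendor's scanner code. The sample
policies, bucket name, account ID and role name are constructed."""
import json
import re

# Constructed: the kind of bucket policy this control flags.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OpenListing",
        "Effect": "Allow",
        "Principal": "*",                     # anonymous / any principal
        "Action": "s3:*",                     # wildcard action
        "Resource": [
            "arn:aws:s3:::example-data-bucket",
            "arn:aws:s3:::example-data-bucket/*",
        ],
    }],
})

# Constructed: the same access scoped to one named role and explicit
# actions, as produced by remediation steps 6-8.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnalystReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/DataAnalyst"},
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [
            "arn:aws:s3:::example-data-bucket",
            "arn:aws:s3:::example-data-bucket/*",
        ],
    }],
})

# Actions that let a caller enumerate the bucket or pull objects from it.
SENSITIVE_ACTIONS = ("s3:ListBucket", "s3:ListBucketVersions",
                     "s3:GetObject", "s3:GetObjectVersion")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _iam_pattern(pattern):
    """IAM action strings match case-insensitively with * and ? wildcards."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts), re.IGNORECASE)


def principal_is_open(principal):
    """True for Principal "*" or {"AWS": "*"}; both mean 'anyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_open_listing(policy_json):
    """Return one finding per Allow statement that grants a sensitive action
    (or uses NotAction) with an open principal. 'conditioned' marks statements
    carrying a Condition block, which need manual review before being called
    public; 'not_action' marks NotAction statements, which are almost always
    broader than intended when paired with an open principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not principal_is_open(stmt.get("Principal")):
            continue
        patterns = [_iam_pattern(a) for a in _as_list(stmt.get("Action"))]
        hit = sorted(a for a in SENSITIVE_ACTIONS if any(p.fullmatch(a) for p in patterns))
        if hit or "NotAction" in stmt:
            findings.append({
                "Sid": stmt.get("Sid"),
                "actions": hit,
                "conditioned": "Condition" in stmt,
                "not_action": "NotAction" in stmt,
            })
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(find_open_listing(policy), indent=2))
```

To run this against a live bucket, feed the document returned by `aws s3api get-bucket-policy --bucket <name> --query Policy --output text` to find_open_listing; an empty result for the hardened policy and a single OpenListing finding for the weak one is the expected outcome.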

Important:

Reference:

Blue Hexagon Proprietary