AWS-S3-Policies-With-Write-Access

Severity: Critical

Description: This control ensures that the S3 bucket policy does not allow write access to everyone (anonymous users). Allowing unrestricted write access increases exposure to security risks. Write access also lets users DELETE from the bucket, so an S3 bucket whose bucket policy grants write access can allow any user to read, upload, modify or delete the contents of the bucket, resulting in data loss and unexpected charges for the S3 service.
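One way to test a bucket policy document for the condition this control describes, as an added example that is not the vendor's own check. The function names, the representative list of write actions and the sample policy (with its placeholder bucket name) are assumptions made for illustration.

```python
import fnmatch
import json

# Representative write/delete/permission-changing S3 actions (not exhaustive).
WRITE_ACTIONS = [
    "s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:PutBucketPolicy",
    "s3:DeleteBucket", "s3:AbortMultipartUpload",
]

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # Everyone is expressed as "Principal": "*" or "Principal": {"AWS": "*"}.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"

def _write_actions(patterns):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return sorted(a for a in WRITE_ACTIONS
                  if any(fnmatch.fnmatchcase(a.lower(), str(p).lower())
                         for p in _as_list(patterns)))

def find_public_write(policy_json):
    """Return findings for Allow statements that grant write actions to everyone.
    NotAction and NotPrincipal statements are not evaluated here."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = _write_actions(stmt.get("Action"))
        if actions:
            # A Condition may narrow access, so it is reported for manual review.
            findings.append({"sid": stmt.get("Sid", f"statement[{i}]"),
                             "actions": actions, "conditional": "Condition" in stmt})
    return findings

# Constructed sample policy; the bucket name is a placeholder.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
]})
```

Calling `find_public_write(SAMPLE_POLICY)` reports only the `PublicWrite` statement; the read-only statement is ignored.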

Remediation Steps:

Perform the following to update the S3 bucket access policy:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the S3 console.

  3. In the navigation pane, select Buckets.

  4. Click on the bucket to be modified, then click Permissions.

  5. Navigate to Access control list (ACL) and select Edit.

  6. Under Access control list (ACL), uncheck the Write box for Everyone (public access) in the Objects column.

  7. Select Save changes.

Important:

Reference:

 

Blue Hexagon Proprietary