Ensure there aren't any publicly accessible S3 buckets available in your AWS account in order to protect your S3 data from loss and unauthorized access. A publicly accessible S3 bucket allows FULL_CONTROL access to everyone (i.e. anonymous users) to LIST (READ) the objects within the bucket, UPLOAD/DELETE (WRITE) objects, VIEW (READ_ACP) object permissions and EDIT (WRITE_ACP) object permissions. Cloud Conformity strongly recommends against using all these permissions for the “Everyone” ACL predefined group in production.
Granting public (FULL_CONTROL) access to your S3 buckets can allow malicious users to view, upload, modify and delete S3 objects, actions that can lead to severe security issues such as data loss and unexpected charges on your AWS bill.
To determine if your AWS S3 buckets access is granted to everyone, perform the following:
To remove public (FULL_CONTROL) access for your S3 buckets, perform the following: