Ensure that your AWS S3 buckets are configured with bucket policies that allow access only from specific (trusted) IP addresses, in order to protect against unauthorized access. Before running this rule with the Cloud Conformity engine, you need to configure the rule and provide the list of public IPv4 addresses that are allowed to access your S3 buckets.
Allowing untrusted access to your AWS S3 buckets can lead to unauthorized actions such as viewing, uploading, modifying or deleting S3 objects. To prevent S3 data exposure, data loss and unexpected charges on your AWS bill, or simply to manage access to your buckets from one central place using policies, ensure that your S3 buckets are accessible only to a short list of whitelisted IP addresses. Note: Since S3 bucket policies are limited to 20 KB in size, you must configure the rule with a short list of trusted IP addresses.
To determine whether access to your S3 buckets is restricted to specific IP addresses via bucket policies, perform the following:
To update your Amazon S3 bucket policy in order to grant access only to specific (trusted) IP addresses, perform the following:
Note: As an example, this rule section demonstrates how to grant permissions to specific IPs to perform any S3 operations on objects within the selected bucket.
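The following Python script is an added example, not Cloud Conformity's own code or the rule's implementation. It covers both the audit described above (does every Allow statement in a bucket policy carry an IpAddress/aws:SourceIp condition limited to the trusted ranges?) and the remediation (building a policy that grants any S3 operation on the bucket's objects only to the trusted IPs), and it checks the serialised policy against the 20 KB limit. The bucket name, the trusted CIDRs (RFC 5737 documentation ranges) and the non-compliant sample policy are constructed for the example; the extra Deny statement in the generated policy is this example's own addition, not something the page prescribes.

```python
import json
import ipaddress

# Constructed sample values, not from the original page: a placeholder bucket
# name and a short list of trusted public IPv4 ranges (RFC 5737 documentation
# addresses), standing in for the list you configure for the rule.
BUCKET = "example-bucket"
TRUSTED_CIDRS = ["203.0.113.0/24", "198.51.100.17/32"]

MAX_POLICY_BYTES = 20 * 1024   # S3 bucket policy size limit noted on the page


def build_policy(bucket, trusted_cidrs):
    """Build the bucket policy the remediation section describes: any S3 action
    on the bucket's objects is allowed only from the trusted CIDRs.  A second,
    explicit Deny for every other source address is added (an assumption of
    this example, not something the page prescribes) so that a permissive IAM
    identity policy cannot widen access beyond the trusted ranges."""
    for cidr in trusted_cidrs:
        ipaddress.IPv4Network(cidr)          # ValueError on a malformed entry
    object_arn = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowTrustedIps",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": object_arn,
                "Condition": {"IpAddress": {"aws:SourceIp": list(trusted_cidrs)}},
            },
            {
                "Sid": "DenyUntrustedIps",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", object_arn],
                "Condition": {"NotIpAddress": {"aws:SourceIp": list(trusted_cidrs)}},
            },
        ],
    }


def policy_size_ok(policy):
    """Check the serialised policy against the 20 KB bucket policy limit."""
    return len(json.dumps(policy).encode("utf-8")) <= MAX_POLICY_BYTES


def _within_trusted(cidr, trusted_nets):
    net = ipaddress.ip_network(cidr, strict=False)   # bare "a.b.c.d" becomes /32
    return any(net.version == t.version and net.subnet_of(t) for t in trusted_nets)


def unrestricted_statements(policy, trusted_cidrs):
    """Audit step: return the Sid (or index) of every Allow statement that is not
    limited, via an IpAddress/aws:SourceIp condition, to the trusted CIDRs."""
    trusted_nets = [ipaddress.IPv4Network(c) for c in trusted_cidrs]
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be un-listed
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"Statement[{i}]")
        src = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
        if src is None:
            findings.append(label)          # no source-IP restriction at all
            continue
        cidrs = [src] if isinstance(src, str) else list(src)
        # Each CIDR in the condition must sit inside a trusted range; a
        # 0.0.0.0/0 entry or an unlisted address fails this check.
        if not cidrs or not all(_within_trusted(c, trusted_nets) for c in cidrs):
            findings.append(label)
    return findings


# Constructed non-compliant policy used to exercise the audit: one statement
# has no IP condition, the other allows the whole IPv4 space.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Sid": "AnyIp", "Effect": "Allow", "Principal": "*",
         "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}},
    ],
}

if __name__ == "__main__":
    compliant = build_policy(BUCKET, TRUSTED_CIDRS)
    print(json.dumps(compliant, indent=2))
    print("size ok:", policy_size_ok(compliant))
    print("findings (compliant):", unrestricted_statements(compliant, TRUSTED_CIDRS))
    print("findings (open):", unrestricted_statements(OPEN_POLICY, TRUSTED_CIDRS))
```

Two design points worth keeping in mind when applying a policy like this. First, an Allow conditioned on aws:SourceIp only scopes the grant in the bucket policy itself; it is the explicit Deny with NotIpAddress that stops principals whose IAM identity policies already permit S3 access from reaching the bucket from elsewhere, so test that Deny against your own administrative access paths before saving it, since it applies to console and CLI sessions too. Second, aws:SourceIp is the public address S3 sees, so requests arriving through a VPC endpoint do not match it; those need the VPC-oriented condition keys instead of a public IP list.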