Ensure that the permission details of your S3 buckets cannot be viewed by anonymous users, in order to protect against unauthorized access. An S3 bucket that grants READ_ACP (View Permissions) access to everyone lets any unauthenticated user read the bucket's ACL (Access Control List), i.e. the full list of grantees and the permissions each of them holds.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Granting public READ_ACP access to your S3 buckets allows anyone on the Internet to see who controls a bucket and what each grantee is allowed to do with it. Malicious users can use this information to find buckets and objects with misconfigured permissions and to target their probing at the grants most likely to yield access to your S3 data. Cloud Conformity strongly recommends against granting the READ_ACP (View Permissions) ACL permission to the “Everyone” grantee (the predefined AllUsers group) in production.
To determine whether your AWS S3 buckets expose ACL permission information to anonymous users, perform the following:
To remove public access to your S3 buckets' ACL information (ACL permissions), perform the following:
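The audit and the remediation described above can be scripted against the ACL document that the S3 API returns. The following is an added example written for this page, not code from the Cloud Conformity tool or from AWS: it works on the JSON shape produced by `aws s3api get-bucket-acl --bucket NAME` (the same structure boto3's `get_bucket_acl()` returns), flags any grant that lets a predefined public group read the ACL, and builds the replacement policy for `aws s3api put-bucket-acl`. It goes slightly beyond the rule text in two ways that are this example's own choices: it treats the AuthenticatedUsers group (any AWS account) as public alongside AllUsers, and it flags FULL_CONTROL as well as READ_ACP, since FULL_CONTROL includes the right to read the ACL. The canonical ID and grants in `SAMPLE_ACL` are constructed, and all function names are hypothetical.

```python
"""Audit and remediate public READ_ACP grants on an S3 bucket ACL.

Added example (not Cloud Conformity's or AWS's code). Operates on the JSON
returned by `aws s3api get-bucket-acl --bucket NAME`, so the check can be
exercised offline on a constructed ACL. Function names are this example's own.
"""
import json
import sys

# Predefined S3 groups. "Everyone" in the S3 console is the AllUsers group;
# AuthenticatedUsers is any AWS account holder, which is public in practice.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}

# FULL_CONTROL includes READ_ACP, so it exposes the ACL just the same.
ACP_READ_PERMISSIONS = {"READ_ACP", "FULL_CONTROL"}

# Constructed sample ACL (fake canonical ID) with one public READ_ACP grant
# and one legitimate non-owner grant (server access logging delivery).
FAKE_OWNER_ID = "a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90"
SAMPLE_ACL = {
    "Owner": {"DisplayName": "bucket-owner", "ID": FAKE_OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": FAKE_OWNER_ID},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS},
         "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}


def is_public_acp_grant(grant):
    """True if this grant lets a predefined public group read the ACL."""
    grantee = grant.get("Grantee", {})
    return (grantee.get("Type") == "Group"
            and grantee.get("URI") in PUBLIC_GROUPS
            and grant.get("Permission") in ACP_READ_PERMISSIONS)


def public_acp_grants(acl):
    """The offending grants; an empty list means the bucket passes this rule."""
    return [g for g in acl.get("Grants", []) if is_public_acp_grant(g)]


def is_compliant(acl):
    return not public_acp_grants(acl)


def remediated_policy(acl):
    """AccessControlPolicy to send with put-bucket-acl: same owner, every
    grant kept except the public READ_ACP / FULL_CONTROL ones.

    put-bucket-acl replaces the whole ACL, so the owner grant and any other
    legitimate grants (e.g. LogDelivery) must be sent back too, otherwise
    the remediation silently breaks them."""
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", [])
                   if not is_public_acp_grant(g)],
    }


def report(acl):
    """One human-readable audit line per offending grant."""
    lines = []
    for g in public_acp_grants(acl):
        group = g["Grantee"]["URI"].rsplit("/", 1)[-1]
        lines.append(f"public ACL read: {group} has {g['Permission']}")
    return lines


if __name__ == "__main__":
    # Usage: save `aws s3api get-bucket-acl --bucket NAME` to a file and pass
    # its path; with no argument the constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            acl = json.load(fh)
    else:
        acl = SAMPLE_ACL
    for line in report(acl):
        print(line)
    if not is_compliant(acl):
        # Write this JSON to fixed-acl.json and apply it with:
        #   aws s3api put-bucket-acl --bucket NAME \
        #       --access-control-policy file://fixed-acl.json
        print(json.dumps(remediated_policy(acl), indent=2))
```

Two practical notes. First, resist the shortcut `aws s3api put-bucket-acl --bucket NAME --acl private`: that canned ACL leaves only the owner's FULL_CONTROL grant, so it would also drop the LogDelivery grant in the sample and any other grants you meant to keep, which is why the example rebuilds the policy from the existing grants. Second, public ACL grants are ineffective on buckets where S3 Block Public Access has IgnorePublicAcls enabled or where Object Ownership is set to BucketOwnerEnforced (ACLs disabled); enabling those at the account level is the durable fix, while the ACL cleanup above removes the misleading grant itself and is what this rule checks.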