lacework-global-100
Ensure the attached S3 bucket policy does not grant global 'List' permission
Description
The S3 Bucket policy gives 'Allow' for global 'List' permission to everyone. It is best practice to restrict policies to specific actions rather than one global action.
Remediation
Perform the following to remove List permissions for everyone from the S3 bucket:
Sign in to the AWS Management Console
Select Services
Select S3
Select an S3 bucket
Select Permissions
Select Edit next to Bucket policy
Locate any statement with Effect value set to 'Allow' with a Principal element set to '' or 'AWS':'' and no conditions
To entirely disable access remove the statement
To limit permissions to specific actions, replace global 'List' actions with specific 'List' actions
Select Save changes
Repeat steps 4-10 for each bucket requiring updated permissions