lacework-global-134
Ensure the bucket ACL does not grant 'Everyone' FULL_CONTROL [READ, WRITE, READ_ACP, WRITE_ACP]
Description
The S3 bucket ACL gives 'Everyone' total control of the bucket and the bucket ACL. It is best practice to restrict FULL_CONTROL.
Note: S3 buckets created with the default/recommended AWS settings have ACLs disabled and will therefore be compliant with this policy.
Remediation
Perform the following to revoke FULL_CONTROL for 'Everyone':
1. Sign in to the AWS Management Console
2. Select Services
3. Select S3
4. Select the bucket to change
5. Navigate to Permissions
6. Navigate to Access Control List and select Edit
7. Against Everyone (public access), uncheck 'List' and 'Write' under Objects, and 'Read' and 'Write' under Bucket ACL
8. Select Save changes
9. Repeat steps 4-8 for each bucket requiring updated permissions
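The same check and revocation can be expressed over the `Owner`/`Grants` structure that the S3 `GetBucketAcl` API returns. The following is an added example, not Lacework's own policy code; it assumes that four separate READ, WRITE, READ_ACP and WRITE_ACP grants to 'Everyone' count the same as a single FULL_CONTROL grant, and the helper names and sample ACLs are constructed for illustration.

```python
# Added example; all ACL data below is constructed.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
FULL_SET = {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}


def everyone_permissions(acl):
    """Permissions the ACL grants to the AllUsers ('Everyone') group."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS_URI:
            perms.add(grant.get("Permission"))
    return perms


def everyone_has_full_control(acl):
    """True if 'Everyone' holds FULL_CONTROL, directly or as all four parts."""
    perms = everyone_permissions(acl)
    return "FULL_CONTROL" in perms or FULL_SET <= perms


def without_everyone(acl):
    """Copy of the ACL with every AllUsers grant removed; Owner is kept.

    The result has the Owner/Grants shape of an S3 AccessControlPolicy.
    """
    kept = [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") != ALL_USERS_URI]
    return {"Owner": acl["Owner"], "Grants": kept}


def _acl(*everyone_perms):
    """Build a constructed ACL: owner FULL_CONTROL plus the given AllUsers grants."""
    owner = {"ID": "EXAMPLE-OWNER-CANONICAL-ID"}
    grants = [{"Grantee": {"Type": "CanonicalUser", "ID": owner["ID"]},
               "Permission": "FULL_CONTROL"}]
    grants += [{"Grantee": {"Type": "Group", "URI": ALL_USERS_URI}, "Permission": p}
               for p in everyone_perms]
    return {"Owner": owner, "Grants": grants}


SAMPLES = {
    "direct": _acl("FULL_CONTROL"),
    "split": _acl("READ", "WRITE", "READ_ACP", "WRITE_ACP"),
    "read-only": _acl("READ"),
    "private": _acl(),
}

if __name__ == "__main__":
    for name, acl in SAMPLES.items():
        print(name, everyone_has_full_control(acl), sorted(everyone_permissions(acl)))
```

A bucket that grants 'Everyone' only READ is not flagged by this check, although it is still publicly listable.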