lacework-global-140
Ensure the attached S3 bucket policy does not grant 'Allow' permission to everyone
Description
The S3 Bucket policy gives 'Allow' permission to everyone. It is best practice to restrict policies to specific principals for whom the permissions are intended.
Remediation
Perform the following to remove permissions for everyone from the S3 bucket:
1. Sign in to the AWS Management Console
2. Select Services
3. Select S3
4. Select the bucket to change
5. Navigate to Permissions
6. Navigate to Bucket Policy and select Edit
7. Check for any Statement with Effect set to 'Allow', Principal set to '*' or 'AWS':'*', and no conditions
8. To disable access, remove the Statement
9. To limit access to a specific AWS account or IAM user, replace the unrestricted Principal element with the Amazon Resource Name (ARN) of the AWS account or user
10. Select Save changes
11. Repeat steps 4-10 for each bucket requiring updated permissions