lacework-global-140

Ensure the attached S3 bucket policy does not grant 'Allow' permission to everyone

Description

The S3 Bucket policy gives 'Allow' permission to everyone. It is best practice to restrict policies to specific principals for whom the permissions are intended.

Remediation

Perform the following to remove permissions for everyone from the S3 bucket:

  1. Sign in to the AWS Management Console

  2. Select Services

  3. Select S3

  4. Select the bucket to change

  5. Navigate to Permissions

  6. Navigate to Bucket Policy and select Edit

  7. Check for any Statement with Effect set to 'Allow', Principal set to '*' or 'AWS':'*', and no conditions

  8. To disable access, remove the Statement

  9. To limit access to a specific AWS account or IAM user, replace the unrestricted Principal element with the Amazon Resource Name (ARN) of the AWS account or user

  10. Select Save changes

  11. Repeat steps 4-10 for each bucket requiring updated permissions