AWS S3 Bucket is Public

Description:

AWS S3 buckets can be made publicly accessible either through a bucket policy or through S3 Access Control Lists (ACLs). A public S3 bucket can be read by anyone on the internet, potentially exposing sensitive data. Ensuring that your S3 buckets are not publicly accessible reduces the risk of unauthorized access to the data stored within.


Remediation:

1. Restrict Public Access to S3 Buckets:

AWS Management Console:
  • Navigate to the S3 service.
  • Select the desired bucket.
  • Under the Permissions tab, click on Block public access (bucket settings).
  • Make sure all settings are set to On to block all public access.
  • Click on Save.
AWS CLI:
aws s3api put-public-access-block --bucket <YOUR-BUCKET-NAME> --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
Terraform:
resource "aws_s3_bucket" "bucket" {
  bucket = "<YOUR-BUCKET-NAME>"
  acl    = "private" # Ensure the bucket is private (deprecated in AWS provider v4+; use aws_s3_bucket_acl there)

  # ... other configurations ...
}

# Block public access is configured with its own resource,
# not as a nested block inside aws_s3_bucket
resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

Replace <YOUR-BUCKET-NAME> with the name of your S3 bucket.


Recommendation:

Always review and audit your S3 bucket permissions regularly. Ensure that no sensitive data is stored in public buckets. If public access is genuinely required, limit it to the specific objects that must be shared and keep track of exactly what is exposed.
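As an added example (not part of this finding's own tooling), the following Python evaluates the three settings the remediation above touches, the four Block Public Access flags, the bucket policy and the bucket ACL, and reports which exposure paths remain open. The inputs are constructed samples shaped like the responses of `aws s3api get-public-access-block`, `get-bucket-policy` and `get-bucket-acl`; in a real audit they would be fetched per bucket and fed to `assess()`.

```python
import json

# Constructed sample inputs shaped like the responses of get-public-access-block,
# get-bucket-policy and get-bucket-acl (not captured from a real account).
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": False}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = {"Grants": [{"Permission": "READ", "Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}

PUBLIC_GROUPS = ("http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def pab_gaps(pab):
    """Block Public Access flags not enabled; pab=None means none configured."""
    return [flag for flag in PAB_FLAGS if not (pab or {}).get(flag)]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. a grant to everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def policy_public_statements(policy_json):
    """Indexes of Allow statements to everyone with no Condition.
    Simplification: AWS's own public-policy test also flags some conditioned ones."""
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [i for i, s in enumerate(statements) if s.get("Effect") == "Allow"
            and _is_anonymous(s.get("Principal")) and not s.get("Condition")]

def acl_public_grants(acl):
    """Permissions the ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def assess(pab, policy_json, acl):
    """Exposure paths still open: RestrictPublicBuckets neutralises a public
    policy and IgnorePublicAcls neutralises public ACL grants."""
    gaps = pab_gaps(pab)
    return {"pab_gaps": gaps,
            "policy_exposed": bool(policy_public_statements(policy_json)) and "RestrictPublicBuckets" in gaps,
            "acl_exposed": bool(acl_public_grants(acl)) and "IgnorePublicAcls" in gaps}
```

With the sample inputs the bucket is flagged on both paths; setting all four flags to true (the CLI command above) makes both exposure results false even though the policy and ACL are unchanged.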