Ensure that S3 Bucket restrict public access by ACL and policy

Other Security Rules

Description

S3 Buckets should not be reachable outside of the project by default. Any violation of this rule could cause major vulnerabilities and data loss.

Restrict public access to S3 bucket via the AWS Management Console

Step 1. Log in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3.

Step 2. On the left side menu, find the option "Block Public Access settings for this account.""

Step 3. Edit the settings and click on the required level of restriction. The option to "Block all public access" is preferable and will set it globally.

Step 4. Open the bucket, then open the tab "Permissions."

Step 5. Find the "Access control list (ACL)" part and ensure only the bucket owner has access to it.

Step 6. Find "Bucket policy" and check for any public configuration like "principal": * etc.

References