Severity: High | Service: S3

S3 general purpose bucket policies should restrict access to other AWS accounts

Compliance: NIST, ISO 27001, HIPAA

Description

Checks if S3 bucket policies restrict permissions granted to other AWS accounts.


Remediation

To restrict permissions granted to other AWS accounts in S3 bucket policies, follow these steps:

Steps

  1. Sign in to the AWS Management Console and open the Amazon S3 console.
  2. In the Buckets list, choose the name of the bucket you want to review.
  3. Choose the 'Permissions' tab.
  4. Under 'Bucket Policy', review the policy. In each statement, look at the Principal element for grants to AWS accounts outside of your organization.
  5. Modify the policy to remove or restrict permissions that are too broad or not necessary. Ensure that the policy follows the principle of least privilege, granting only the permissions required for the intended use.
  6. Validate the updated policy using the IAM policy simulator or another policy validation tool.
  7. Save the changes to the bucket policy.
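Worked example, added here and not part of the control's own tooling: a small Python check that parses a bucket policy and lists Allow statements whose Principal grants access to accounts outside an allowlist, alongside constructed 'before' and 'after' policies for the review in the steps above. The account IDs, bucket name and organization ID are placeholders.

```python
import json

# Constructed sample: the account treated as "ours" is a placeholder, not a real account ID.
TRUSTED_ACCOUNTS = {"111111111111"}

def principal_account_ids(principal):
    """Return the account IDs (or '*') named by a statement's Principal element."""
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    ids = []
    for p in [aws] if isinstance(aws, str) else aws:
        if p == "*" or p.isdigit():
            ids.append(p)
        else:
            # ARN form: arn:aws:iam::123456789012:root (or :user/..., :role/...)
            parts = p.split(":")
            ids.append(parts[4] if len(parts) > 4 else p)
    return ids

def cross_account_grants(policy_json, trusted=TRUSTED_ACCOUNTS):
    """(Sid, principal) for Allow statements reaching outside `trusted`; '*' is tolerated only with aws:PrincipalOrgID."""
    findings = []
    stmts = json.loads(policy_json).get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        cond = json.dumps(stmt.get("Condition", {}))
        for acct in principal_account_ids(stmt.get("Principal", {})):
            if acct == "*" and "aws:PrincipalOrgID" in cond:
                continue
            if acct == "*" or acct not in trusted:
                findings.append((stmt.get("Sid", "<no Sid>"), acct))
    return findings

# Constructed 'before' policy: public read plus a full-access grant to an unrelated account.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerFullAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"}]})

# Constructed 'after' policy: least privilege, limited to our own account and organization.
RESTRICTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnAccountRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OrgOnlyList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]})
```

Running `cross_account_grants(BROAD_POLICY)` reports both statements, while the restricted policy yields no findings.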
