Critical S3

S3 general purpose buckets should block public write access

Compliance: PCI DSS, NIST, ISO 27001, HIPAA

Description

Checks whether each S3 general purpose bucket blocks public write access on both paths by which it can be granted: the bucket ACL and the bucket policy.

Remediation

To block public write access for S3 buckets, follow these steps:

Steps

  1. Sign in to the AWS Management Console and open the Amazon S3 console.
  2. Choose the name of the bucket to modify.
  3. Select the 'Permissions' tab.
  4. In the 'Block Public Access' settings, enable 'Block public access to buckets and objects granted through new ACLs' and 'Block public access to buckets and objects granted through any ACLs'.
  5. Review the 'Access Control List (ACL)' section to ensure no public grantee (AllUsers or AuthenticatedUsers) holds a 'WRITE' permission.
  6. Review the bucket policy to ensure no statement allows 's3:PutObject' (or an overly permissive action such as 'Action: *') to a public principal ('Principal: *' or 'Principal: {"AWS": "*"}').
  7. Where specific principals need write access, grant it through IAM roles and policies rather than through public ACL grants or public policy statements.
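The steps above can be applied offline against a bucket's exported configuration. The evaluator below is an added example, not the check's own implementation; it inspects the three artefacts the steps cover (the Block Public Access settings, the ACL grants, and the bucket policy) and reports a bucket as compliant only when no path leaves public write access open. The sample bucket data, the account ID and the role name are constructed for illustration.

```python
"""Offline evaluator for 'S3 bucket blocks public write access' (added example)."""
import fnmatch
import json

# Canned ACL grantee URIs meaning "everyone" and "any AWS account"; both are public.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that allow writing objects or rewriting the ACL itself.
WRITE_ACL_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Probe action: any action pattern that matches it grants object writes.
PROBE_ACTION = "s3:putobject"


def _as_list(value):
    """Policy fields such as Action and Principal may be a string or a list."""
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True for "Principal": "*" and for "Principal": {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def action_grants_write(action_pattern):
    """True if a (case-insensitive, wildcard) action pattern covers s3:PutObject."""
    return fnmatch.fnmatchcase(PROBE_ACTION, action_pattern.lower())


def public_write_acl_grants(grants):
    """ACL grants that give a public grantee a write permission."""
    return [g for g in grants
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS
            and g.get("Permission") in WRITE_ACL_PERMISSIONS]


def public_write_policy_statements(policy):
    """Allow statements that grant a write action to a public principal."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        if any(action_grants_write(a) for a in _as_list(stmt.get("Action", []))):
            found.append(stmt)
    return found


def bucket_blocks_public_write(public_access_block, acl_grants, policy):
    """Evaluate one bucket; returns (compliant, findings).

    IgnorePublicAcls neutralises existing public ACL grants and
    RestrictPublicBuckets neutralises an existing public policy; the other
    two settings only reject new public ACLs/policies, so they are not
    enough on their own to clear an already-open bucket.
    """
    pab = public_access_block or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):
        for g in public_write_acl_grants(acl_grants or []):
            findings.append(f"ACL grants {g['Permission']} to {g['Grantee']['URI']}")
    if not pab.get("RestrictPublicBuckets"):
        for s in public_write_policy_statements(policy or {}):
            note = " (has a Condition; verify it limits access)" if "Condition" in s else ""
            findings.append(f"policy statement {s.get('Sid', '<no Sid>')} allows public write{note}")
    return (not findings, findings)


# Constructed sample bucket: open on both paths, then the two remediated states.
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {k: True for k in PAB_OFF}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"}
PUBLIC_GRANT = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "WRITE"}
OPEN_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicUpload", "Effect": "Allow", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}""")
# Step 7 applied: write access granted only to a named (hypothetical) role.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "UploaderRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for name, pab, acl, pol in [("open", PAB_OFF, [OWNER_GRANT, PUBLIC_GRANT], OPEN_POLICY),
                                ("pab-enabled", PAB_ON, [OWNER_GRANT, PUBLIC_GRANT], OPEN_POLICY),
                                ("hardened", PAB_OFF, [OWNER_GRANT], HARDENED_POLICY)]:
        ok, findings = bucket_blocks_public_write(pab, acl, pol)
        print(f"{name}: {'PASS' if ok else 'FAIL'} {findings}")
```

In practice the three inputs come from `get-public-access-block`, `get-bucket-acl` and `get-bucket-policy` for each bucket; the read-only statement in the sample is deliberately left alone, since this check is about write access only.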
