Ensure public access is disabled for AWS GlacierVault

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

Like most other Amazon services, AWS S3 and Glacier vaults can be configured to use IAM policies. To learn more about configuring IAM policies for S3 Glacier, see the AWS documentation listed under References.

In Terraform -

  1. In the aws_glacier_vault resource, set the access_policy field to an IAM policy that does not allow public access to the vault.
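
The following Terraform shows a vault policy that allows public access next to a restricted one. It is an added example, not taken from the original page or from the rule's own implementation. It assumes "public" means an Allow statement whose principal is `*` with no condition; the resource names, account ID, region and role name are constructed placeholders.

```hcl
# Constructed example: account 111122223333, region us-east-1 and all names are placeholders.

# Non-compliant: Effect "Allow" with Principal "*" and no Condition lets any
# AWS principal start retrieval jobs on the vault and download their output.
data "aws_iam_policy_document" "public" {
  statement {
    sid       = "public-read"
    effect    = "Allow"
    actions   = ["glacier:InitiateJob", "glacier:GetJobOutput"]
    resources = ["arn:aws:glacier:us-east-1:111122223333:vaults/example-public-archive"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }
  }
}

resource "aws_glacier_vault" "public_archive" {
  name          = "example-public-archive"
  access_policy = data.aws_iam_policy_document.public.json
}

# Compliant: the same actions, granted only to one named IAM role.
data "aws_iam_policy_document" "restricted" {
  statement {
    sid       = "restricted-read"
    effect    = "Allow"
    actions   = ["glacier:InitiateJob", "glacier:GetJobOutput"]
    resources = ["arn:aws:glacier:us-east-1:111122223333:vaults/example-restricted-archive"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/example-archive-reader"]
    }
  }
}

resource "aws_glacier_vault" "restricted_archive" {
  name          = "example-restricted-archive"
  access_policy = data.aws_iam_policy_document.restricted.json
}
```

When reviewing existing vaults, check every statement in access_policy: a single Allow statement with a wildcard principal is enough to expose the vault, even if the other statements name specific principals.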

References:
https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-identity-based.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glacier_vault

Policy Details

Rule Reference ID: AC_AWS_0125
CSP: AWS
Remediation Available: Yes
Resource Category: Storage
Resource Type: S3 Glacier

Frameworks