Ensure permissions are tightly controlled for AWS GlacierVault

HIGH

Description

The access policy attached to an AWS S3 Glacier vault grants permissions that are broader than necessary (for example, to any principal or to every glacier: action), which may lead to unauthorized access to archives and/or data leakage.

Remediation

S3 Glacier vaults, like most other Amazon services, are protected by IAM policies: identity-based policies attached to users, groups, or roles, and a resource-based vault access policy attached to the vault itself. To learn more about how to configure IAM policies for use with S3 Glacier, see the AWS documentation (below).

In Terraform -

  1. In the aws_glacier_vault resource, set the access_policy field to a vault access policy that grants only the required glacier: actions to specific principals (no wildcard "*" principal) on the vault's own ARN.
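The following is an added Terraform example, not code from the original page or from the referenced provider documentation. It shows a non-compliant vault policy (any AWS principal, every glacier: action) next to a restricted one that allows a single IAM role to upload archives and retrieve job output, and attaches only the restricted policy to the vault. The vault name "backup-archive" and the archiver_role_arn variable are assumptions; the vault ARN is built from the caller's account and region rather than referenced from the resource, which would otherwise create a dependency cycle.

```hcl
# Added example (not from the original page). Names and the role ARN are assumptions.
variable "vault_name" {
  default = "backup-archive" # assumed vault name
}

variable "archiver_role_arn" {
  description = "ARN of the only IAM role allowed to write to and read from the vault (assumed)"
  type        = string
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  # Build the ARN from account and region so the policy can be evaluated before the
  # vault exists; referencing aws_glacier_vault.archive.arn here would create a cycle.
  vault_arn = "arn:aws:glacier:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:vaults/${var.vault_name}"
}

# NON-COMPLIANT: any AWS principal may upload, retrieve and delete archives, or delete the vault.
data "aws_iam_policy_document" "open" {
  statement {
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions   = ["glacier:*"]
    resources = [local.vault_arn]
  }
}

# COMPLIANT: one named role, only the actions needed to archive and retrieve data.
# DeleteArchive and DeleteVault are deliberately absent.
data "aws_iam_policy_document" "restricted" {
  statement {
    sid    = "AllowArchiverUploadAndRetrieve"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [var.archiver_role_arn]
    }
    actions = [
      "glacier:UploadArchive",
      "glacier:InitiateMultipartUpload",
      "glacier:UploadMultipartPart",
      "glacier:CompleteMultipartUpload",
      "glacier:InitiateJob",
      "glacier:GetJobOutput",
    ]
    resources = [local.vault_arn]
  }
}

resource "aws_glacier_vault" "archive" {
  name = var.vault_name

  # Attach the restricted policy; switching this to data.aws_iam_policy_document.open.json
  # is what this rule flags.
  access_policy = data.aws_iam_policy_document.restricted.json

  tags = {
    Purpose = "backup-archive"
  }
}
```

Two caveats when reviewing the resulting policy: a resource-based vault policy does not restrict the account's root user or principals that already hold the same permissions through identity-based policies, so both sides need to be reviewed together; and if retention must be enforced against even the account owner, that is the job of a separate vault lock policy (the aws_glacier_vault_lock resource), not of access_policy.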

References:
https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-identity-based.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glacier_vault

Policy Details

Rule Reference ID: AC_AWS_0126
CSP: AWS
Remediation Available: Yes
Resource Category: Storage
Resource Type: S3 Glacier

Frameworks