Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x

HIGH

Description

An S3 bucket whose ACL grants permissions to the AllUsers group (everyone on the internet) or the AuthenticatedUsers group (anyone with an AWS account) can leak private data to the entire internet or allow unauthorized data tampering or deletion.

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the S3 console.
  2. Choose the bucket you wish to edit.
  3. Select the Permissions tab.
  4. Confirm your public access and policy settings.
  5. Under Access control list (ACL), select Edit and remove any grants to Everyone (public access) or Authenticated users group (anyone with an AWS account), leaving only the bucket owner.
  6. Select Save changes.

In Terraform -

  1. For each aws_s3_bucket resource, add an aws_s3_bucket_acl resource that references the bucket.
  2. Set either the acl argument (a canned ACL) or an access_control_policy block, configured with least privilege in mind: do not use the canned ACLs public-read, public-read-write or authenticated-read, and do not add a grant whose grantee is the AllUsers or AuthenticatedUsers group. Note that buckets created since April 2023 have ACLs disabled by default (ObjectOwnership set to BucketOwnerEnforced); applying aws_s3_bucket_acl to such a bucket fails unless an aws_s3_bucket_ownership_controls resource first re-enables ACLs, and leaving ACLs disabled is itself a valid remediation.
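
The Terraform remediation above as a complete configuration, written here as an added example rather than code from the page or the rule's author. The bucket name and resource labels are placeholders; the flagged pattern is shown in a comment for comparison, and the trailing aws_s3_bucket_public_access_block goes one step beyond the ACL fix by rejecting any future public ACL or bucket policy.

```hcl
# Added example (not the rule's own code). Bucket name and resource
# labels are placeholder assumptions.

# Flagged pattern 1: a canned ACL that grants READ to the AllUsers group.
#
# resource "aws_s3_bucket_acl" "example" {
#   bucket = aws_s3_bucket.example.id
#   acl    = "public-read"
# }
#
# Flagged pattern 2: the same grant expressed as an access_control_policy.
#
#   grant {
#     grantee {
#       type = "Group"
#       uri  = "http://acs.amazonaws.com/groups/global/AllUsers"
#     }
#     permission = "READ"
#   }

resource "aws_s3_bucket" "example" {
  bucket = "example-private-bucket-0123" # placeholder name
}

# Buckets created since April 2023 default to ObjectOwnership =
# BucketOwnerEnforced, which disables ACLs entirely. Keeping that default
# is the strongest fix. If ACLs are genuinely still needed, ownership must
# allow them before aws_s3_bucket_acl can be applied, hence this resource
# and the depends_on below.
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.example.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Canonical user ID of the account running terraform, used as the sole
# grantee so the ACL contains no group grants at all.
data "aws_canonical_user_id" "current" {}

# Least-privilege ACL: only the bucket owner holds FULL_CONTROL. The
# equivalent canned form is simply `acl = "private"`.
resource "aws_s3_bucket_acl" "example" {
  depends_on = [aws_s3_bucket_ownership_controls.example]
  bucket     = aws_s3_bucket.example.id

  access_control_policy {
    grant {
      grantee {
        id   = data.aws_canonical_user_id.current.id
        type = "CanonicalUser"
      }
      permission = "FULL_CONTROL"
    }
    owner {
      id = data.aws_canonical_user_id.current.id
    }
  }
}

# Defence in depth: with these four flags set, S3 rejects any PutBucketAcl,
# PutObjectAcl or PutBucketPolicy call that would grant public access, so a
# later drift back to public-read cannot take effect.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
```

After `terraform apply`, the ACL can be confirmed with `aws s3api get-bucket-acl --bucket <name>`: the Grants array should contain a single CanonicalUser entry and no Group grantees.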

References:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl

Policy Details

Rule Reference ID: S3_AWS_0014
CSP: AWS
Remediation Available: Yes
Resource: aws_s3_bucket
Resource Category: Storage
Resource Type: S3 Bucket

Frameworks