Skip to main content

lacework-global-131

Ensure the bucket Access Control List (ACL) does not grant 'Everyone' write permission [create, overwrite, and delete S3 objects]

Description

The S3 bucket ACL gives 'Everyone' permission to create, write and delete objects in the bucket. It is best practice to restrict write permission to only principals who require it. Note: S3 buckets created with the default/recommended AWS settings have ACLs turned off and are therefore compliant with this policy.

Remediation

Perform the following to revoke write permission for 'Everyone':

  1. Sign in to the AWS Management Console.

  2. Select Services.

  3. Select S3.

  4. Select the bucket to change.

  5. Navigate to Permissions.

  6. Navigate to Access Control List and select Edit.

  7. Against Everyone (public access), clear 'Write' under Objects.

  8. Select Save changes.

  9. Repeat steps 4-8 for each bucket requiring updated permissions.

Last updated on