lacework-global-134
Ensure the bucket Access Control List (ACL) does not grant 'Everyone' FULL_CONTROL [READ, WRITE, READ_ACP, WRITE_ACP]
Description
The S3 bucket ACL gives 'Everyone' total control of the bucket and the bucket ACL. It is best practice to restrict FULL_CONTROL.
Note: S3 buckets created with the default/recommended AWS settings have ACLs turned off and are therefore compliant with this policy.
Remediation
Perform the following to revoke FULL_CONTROL for 'Everyone':
1. Sign in to the AWS Management Console.
2. Select Services.
3. Select S3.
4. Select the bucket to change.
5. Navigate to Permissions.
6. Navigate to Access Control List and select Edit.
7. Against Everyone (public access), clear 'List' and 'Write' under Objects, and 'Read' and 'Write' under Bucket ACL.
8. Select Save changes.
9. Repeat steps 4-8 for each bucket requiring updated permissions.
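The same check and revocation can be expressed against the ACL document itself. The following is an added example, not Lacework's or AWS's own code: it evaluates a dictionary shaped like the S3 GetBucketAcl response and assumes that 'Everyone' holding all four permissions individually counts the same as an explicit FULL_CONTROL grant. The function names and sample ACLs are hypothetical and constructed for illustration.

```python
# Added example: evaluates an ACL shaped like the S3 GetBucketAcl response.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"  # 'Everyone'
FULL_SET = {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}


def is_everyone(grant):
    """True when the grantee is the AllUsers group ('Everyone' in the console)."""
    grantee = grant.get("Grantee", {})
    return grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS_URI


def everyone_permissions(acl):
    """Return the set of permissions the ACL grants to 'Everyone'."""
    return {g["Permission"] for g in acl.get("Grants", []) if is_everyone(g)}


def grants_everyone_full_control(acl):
    """Assumption: an explicit FULL_CONTROL grant, or all four permissions
    granted separately, both violate the policy."""
    perms = everyone_permissions(acl)
    return "FULL_CONTROL" in perms or FULL_SET <= perms


def revoke_everyone(acl):
    """Return a policy with every 'Everyone' grant removed, mirroring the
    console steps; the owner and all other grants are preserved."""
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", []) if not is_everyone(g)],
    }


# Constructed sample ACLs (placeholder owner ID, not real data).
OWNER = {"ID": "EXAMPLE-OWNER-CANONICAL-ID"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]},
               "Permission": "FULL_CONTROL"}


def everyone(permission):
    """Build a constructed grant of one permission to 'Everyone'."""
    return {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI},
            "Permission": permission}


SPLIT_ACL = {"Owner": OWNER,
             "Grants": [OWNER_GRANT] + [everyone(p) for p in sorted(FULL_SET)]}
EXPLICIT_ACL = {"Owner": OWNER, "Grants": [OWNER_GRANT, everyone("FULL_CONTROL")]}
READ_ONLY_ACL = {"Owner": OWNER, "Grants": [OWNER_GRANT, everyone("READ")]}
```

The dictionary returned by `revoke_everyone` has the `Owner` and `Grants` keys that the PutBucketAcl `AccessControlPolicy` parameter expects, so it can be written back with an AWS SDK after review.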