S3 Bucket has Read access for all authenticated users

ID

aws_s3_bucket_acl_authenticated_read

Severity

critical

Vendor

AWS

Resource

IAM

Tags

reachable

Description

S3 Bucket has Read access for all authenticated users. The authenticated-read canned ACL grants read access to the AuthenticatedUsers group, which means any AWS account holder, not only users of your own account, can list and read every object in the bucket and use that information to exploit vulnerabilities.

To fix it, you must configure the permission property without the authenticated-read value.

More information about permissions is available here.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an empty bucket
      aws_s3:
        bucket: mybucket
        mode: create
        permission:
          - authenticated-read

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an empty bucket
      aws_s3:
        bucket: mybucket
        mode: create # By default the permission is private
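As an added example, not part of this rule page or of Ansible itself, the following Python check implements the rule over a parsed playbook and applies the fix shown above. It assumes the playbook was loaded with yaml.safe_load, that the module appears as aws_s3 or its collection-qualified name amazon.aws.aws_s3, and that permission is either a string or a list of canned ACLs.

```python
from copy import deepcopy

# Module names under which the task can appear (assumption: bare name and
# the amazon.aws collection-qualified form).
S3_MODULES = {"aws_s3", "amazon.aws.aws_s3"}
RISKY_ACL = "authenticated-read"


def _task_permissions(task):
    """Return (module_name, [acls]) for an aws_s3 task, else None."""
    for module in S3_MODULES:
        if module in task and isinstance(task[module], dict):
            perm = task[module].get("permission")
            if perm is None:
                return module, []  # no ACL set: module default is private
            return module, [perm] if isinstance(perm, str) else list(perm)
    return None


def iter_tasks(playbook):
    """Yield every task of every play, descending into block/rescue/always."""
    stack = [t for play in playbook for t in play.get("tasks", [])]
    while stack:
        task = stack.pop()
        nested = [c for key in ("block", "rescue", "always") for c in task.get(key, [])]
        if nested:
            stack.extend(nested)
        else:
            yield task


def find_authenticated_read(playbook):
    """Return the names of aws_s3 tasks that grant the authenticated-read ACL."""
    return [task.get("name", "<unnamed task>") for task in iter_tasks(playbook)
            if (info := _task_permissions(task)) and RISKY_ACL in info[1]]


def harden_task(task):
    """Return a copy of the task with authenticated-read removed from permission."""
    fixed = deepcopy(task)
    info = _task_permissions(fixed)
    if info:
        module, acls = info
        kept = [acl for acl in acls if acl != RISKY_ACL]
        if kept:
            fixed[module]["permission"] = kept
        else:
            fixed[module].pop("permission", None)  # fall back to the private default
    return fixed


# Constructed sample: the page's vulnerable task, as yaml.safe_load would parse it.
SAMPLE_PLAYBOOK = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"name": "Create an empty bucket",
     "aws_s3": {"bucket": "mybucket", "mode": "create", "permission": ["authenticated-read"]}}]}]
```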