S3 Bucket has public Read access

ID

aws_s3_bucket_acl_read

Severity

critical

Vendor

AWS

Resource

IAM

Tags

reachable

Description

The S3 bucket has public read access: anonymous users can read every object in the bucket and use that information to exploit vulnerabilities.

To fix it, configure the permission property without the public-read, public-read-write or aws-exec-read values.

More information about the permission property is available here.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an empty bucket
      aws_s3:
        bucket: mybucket
        mode: create
        permission:
          - public-read

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an empty bucket
      aws_s3:
        bucket: mybucket
        mode: create # By default the permission is private
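The following checker is an added example and is not part of the rule page or of any scanner's own code. It implements the aws_s3_bucket_acl_read check over an already-parsed Ansible playbook: every aws_s3 task whose permission list contains public-read, public-read-write or aws-exec-read is reported, and a task that omits permission is treated as private, which is the module default the mitigation relies on. The YAML parsing step (for instance PyYAML's safe_load) is assumed to have happened beforehand; the two playbooks below are constructed inline as Python structures so the example runs with no dependencies, and the module name list (aws_s3 plus its collection-qualified spellings) is an assumption of the example.

```python
# Added example, not code from the original rule page. Detection logic for
# aws_s3_bucket_acl_read over a parsed Ansible playbook (list of plays).

# ACL values the rule flags: each of them grants read access beyond the owner.
PUBLIC_READ_ACLS = {"public-read", "public-read-write", "aws-exec-read"}

# Module names under which the S3 task may be written (assumed list: the short
# name and the collection-qualified names used by newer amazon.aws releases).
S3_MODULES = ("aws_s3", "amazon.aws.aws_s3", "amazon.aws.s3_object")


def s3_task_permissions(task):
    """Return the ACLs an S3 task declares, or None if the task is not an S3 task.

    The permission parameter may be a single string or a list. When it is
    absent the module defaults to private, so that is what we return. Only
    the dictionary form of module arguments is handled here.
    """
    for module in S3_MODULES:
        if module in task:
            args = task[module]
            if not isinstance(args, dict):
                args = {}
            perm = args.get("permission", "private")
            return [perm] if isinstance(perm, str) else list(perm)
    return None


def iter_tasks(tasks):
    """Yield leaf tasks, descending into block/rescue/always sections."""
    for task in tasks or []:
        nested = False
        for section in ("block", "rescue", "always"):
            if section in task:
                nested = True
                yield from iter_tasks(task[section])
        if not nested:
            yield task


def find_public_read_buckets(playbook):
    """Return one finding per S3 task whose ACLs include a public-read value."""
    findings = []
    for play in playbook:
        for section in ("pre_tasks", "tasks", "post_tasks"):
            for task in iter_tasks(play.get(section)):
                perms = s3_task_permissions(task)
                if perms is None:
                    continue
                offending = sorted(set(perms) & PUBLIC_READ_ACLS)
                if offending:
                    args = next(task[m] for m in S3_MODULES if m in task)
                    bucket = args.get("bucket") if isinstance(args, dict) else None
                    findings.append({
                        "rule": "aws_s3_bucket_acl_read",
                        "task": task.get("name", "<unnamed>"),
                        "bucket": bucket,
                        "acls": offending,
                    })
    return findings


# Constructed sample input: the vulnerable playbook from the rule page, as
# PyYAML would parse it.
VULNERABLE_PLAYBOOK = [{
    "name": "Example playbook",
    "hosts": "localhost",
    "tasks": [{
        "name": "Create an empty bucket",
        "aws_s3": {"bucket": "mybucket", "mode": "create",
                   "permission": ["public-read"]},
    }],
}]

# Constructed sample input: the mitigated playbook (permission omitted, so the
# module default of private applies).
FIXED_PLAYBOOK = [{
    "name": "Example playbook",
    "hosts": "localhost",
    "tasks": [{
        "name": "Create an empty bucket",
        "aws_s3": {"bucket": "mybucket", "mode": "create"},
    }],
}]


if __name__ == "__main__":
    for label, playbook in (("vulnerable", VULNERABLE_PLAYBOOK),
                            ("fixed", FIXED_PLAYBOOK)):
        print(label, find_public_read_buckets(playbook))
```

Because the check walks block/rescue/always sections and pre_tasks/post_tasks as well as tasks, it goes slightly beyond the single flat task shown on the page; a task written with free-form key=value arguments is not inspected, which is a limitation to keep in mind when running it over real playbooks.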