S3 bucket ACLs should be restricted from public view

s3
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Modify your bucket ACL to remove public READ_ACP access.

Rationale

  • Public READ_ACP access gives anyone the ability to read the bucket ACL. With this permission, anyone can see who controls your objects. This information can potentially be used to find misconfigured permissions and gain access to your S3 data.

For more information about S3 bucket ACLs, see the Access control list (ACL) documentation.

Remediation

From the console

Follow the Controlling access to a bucket with user policies documentation to edit your existing policy and set the policy permissions to private.

From the command line

  1. Run put-bucket-acl with your S3 bucket name and the ACL set to private.

    aws s3api put-bucket-acl
 --bucket your-bucket-name
 --acl private
PREVIEWING: may/unit-testing