S3 bucket policy should prevent public write access

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Update your bucket policy as your Amazon S3 bucket is writeable by anyone.

Rationale

When misconfigured, an S3 bucket policy can grant anyone the ability to write to the contents of an S3 bucket. This gives an attacker the ability to modify objects in the bucket or create new ones.

Remediation

Remove or modify the existing bucket policy to prevent anyone from being able to write to it.

From the console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and remove the access.

From the command line

  1. Run the delete-bucket-policy command to fully remove any public write access to the bucket.
    aws s3api delete-bucket-policy \
      --bucket insert-bucket-name-here
    
  2. If you need a bucket policy, create a new non-public bucket policy using the AWS Policy Generator.
  3. Apply the bucket policy from Step 2 with the put-bucket-policy command.
    aws s3api put-bucket-policy
      --bucket insert-bucket-name-here
      --policy file://insert-bucket-policy-file-name-here.json
    
PREVIEWING: may/unit-testing