S3 bucket policy should prevent public write access
Description
Update your bucket policy as your Amazon S3 bucket is writeable by anyone.
Rationale
When misconfigured, an S3 bucket policy can grant anyone the ability to write to the contents of an S3 bucket. This gives an attacker the ability to modify objects in the bucket or create new ones.
Remove or modify the existing bucket policy to prevent anyone from being able to write to it.
From the console
Follow the Controlling access to a bucket with user policies docs to edit your existing policy and remove the access.
From the command line
- Run the
delete-bucket-policy
command to fully remove any public write access to the bucket.aws s3api delete-bucket-policy \
--bucket insert-bucket-name-here
- If you need a bucket policy, create a new non-public bucket policy using the AWS Policy Generator.
- Apply the bucket policy from Step 2 with the
put-bucket-policy
command.aws s3api put-bucket-policy
--bucket insert-bucket-name-here
--policy file://insert-bucket-policy-file-name-here.json