S3 bucket contents should only be accessible by authorized principals

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Update your bucket policy as the contents of your Amazon S3 bucket are publicly accessible.

Rationale

Unintentionally exposed Amazon S3 buckets have led to numerous data breaches and leaks. When misconfigured, an S3 bucket policy can permit anyone to download the contents of an Amazon S3 bucket.

Note: If the bucket is configured to host a static website, this rule does not trigger because bucket contents are expected to be public to serve the site.

Remediation

Ensure that there is a valid business justification as to why the bucket and all of its contents have been made public. If there is no valid reason, follow these steps to prevent public access.

From the console

Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.

From the command line

  1. Run the delete-bucket-policy command to fully remove any public access to the bucket.
    aws s3api delete-bucket-policy \
      --bucket insert-bucket-name-here
    
  2. If you need a bucket policy, create a new non-public bucket policy using the AWS Policy Generator.
  3. Apply the bucket policy from Step 2 with the put-bucket-policy command.
    aws s3api put-bucket-policy
      --bucket insert-bucket-name-here
      --policy file://insert-bucket-policy-file-name-here.json
    
PREVIEWING: rtrieu/product-analytics-ui-changes