Overview
This security finding is displayed whenever our system detects that one or more of your Amazon S3 buckets may be publicly accessible. Publicly accessible buckets pose a risk because they can potentially expose sensitive data to anyone on the internet.
How Is This Finding Determined?
We look at two main factors for each S3 bucket:
- Block Public Access Setting
  - If you have Block All Public Access turned off (disabled), your bucket is capable of allowing public access.
- Bucket Policy
  - A bucket policy can override other permissions and specifically allow public access. If the policy grants `Allow` for `Principal: *` (any user), the bucket is considered publicly accessible.
If our system detects that Block All Public Access is disabled and a bucket policy is configured (which could permit public access), you will see the “Public Amazon S3 Buckets Need to Be Secured” finding on your dashboard.
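The two checks described above, written out as an added example (this is illustrative code, not the detection system's own); the policy document and Block Public Access settings it uses are constructed sample inputs, and the `Principal: *` test follows the rule stated in the previous section:

```python
import json
from typing import Optional

# Constructed sample inputs (not from the page): a bucket policy that grants
# s3:GetObject to any user, and a Block Public Access configuration with
# every setting turned off.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})
SAMPLE_BPA_DISABLED = {
    "BlockPublicAcls": False,
    "IgnorePublicAcls": False,
    "BlockPublicPolicy": False,
    "RestrictPublicBuckets": False,
}

def _principal_is_anyone(principal) -> bool:
    """True when a statement's Principal means any user: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def policy_allows_public(policy_json: str) -> bool:
    """True when any Allow statement in the bucket policy names Principal: *.
    Statements with a Condition block are still counted, so this errs on the
    side of reporting."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    return any(s.get("Effect") == "Allow" and _principal_is_anyone(s.get("Principal"))
               for s in statements)

def block_all_public_access_enabled(bpa: dict) -> bool:
    """"Block all public access" means all four bucket-level settings are on."""
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(bpa.get(k, False) for k in keys)

def finding_fires(bpa: dict, policy_json: Optional[str]) -> bool:
    """The finding: Block All Public Access is off AND the policy allows Principal: *."""
    if block_all_public_access_enabled(bpa):
        return False
    return policy_json is not None and policy_allows_public(policy_json)
```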
Recommended Actions
- We recommend enabling "Block all public access" whenever possible:
  - In the AWS Management Console, navigate to S3 > [Your Bucket] > Permissions tab.
  - Under Block public access (bucket settings), make sure that all options (including “Block all public access”) are checked.