Not restricting public access on a S3 bucket can lead to data leakage
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | DATA |
Description#
AWS S3 Block Public Access is a feature that allows setting up centralized controls to manage public access to S3 resources.
Enforcing the RestrictPublicBuckets rule on a bucket allows to make sure only AWS service principals and authorized users within the bucket owner's account will be able to access the bucket.
Impact#
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | True | False | False |
- Data leakage.
- Data tampering.
Remediation guidelines#
Associate a S3 BlockPublicAccess with RestrictPublicBuckets enabled to the bucket.