- GG_ID: GG_IAC_0057
- Severity: HIGH
- Complexity: LOW
- Categories: DATA
- Providers: AWS
- Potential data exposure: True
- Visible in logs: True
- User interaction required: False
- Privileges required: False
AWS S3 access control lists (ACLs) let you manage access to buckets and objects.
A canned ACL is a predefined set of grants. For example, the
public-read canned ACL grants read access to the AllUsers group, so
anyone on the internet can read the content of a bucket or object it is attached to.
The canned ACL defined on this bucket allows public access to the bucket and the objects it contains.
- Data leakage.
- Data tampering (if the ACL is
- Use the private canned ACL.
- Use an ACL with explicit grantees instead of a canned ACL.
- Enable S3 Block Public Access on the bucket or account so that public ACLs are rejected even if one is added later.
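The following is an added example, not part of the rule page or of GitGuardian's scanner: a small Python check that flags public canned ACLs in Terraform, run over three constructed snippets (the vulnerable `public-read` configuration, the `private` fix, and the explicit-grantee fix). The resource names, bucket names, and grantee id are invented; the block extractor is a simplified brace matcher (it does not skip braces inside strings or heredocs), and the set of ACLs treated as public is this example's choice, not the rule's exact definition.

```python
import re

# Constructed sample: a canned ACL that grants read to everyone, plus the legacy
# form where `acl` sits directly on the bucket resource (older provider versions).
VULNERABLE_TF = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
}

resource "aws_s3_bucket_acl" "logs" {
  bucket = aws_s3_bucket.logs.id
  acl    = "public-read"
}

resource "aws_s3_bucket" "assets" {
  bucket = "example-assets"
  acl    = "public-read-write"
}
'''

# Constructed sample: first remediation, the private canned ACL.
FIXED_TF = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
}

resource "aws_s3_bucket_acl" "logs" {
  bucket = aws_s3_bucket.logs.id
  acl    = "private"
}
'''

# Constructed sample: second remediation, an explicit grantee instead of a canned
# ACL. `acl` and `access_control_policy` are mutually exclusive on this resource;
# the canonical user id below is a placeholder.
GRANTEE_TF = '''
resource "aws_s3_bucket_acl" "logs" {
  bucket = aws_s3_bucket.logs.id
  access_control_policy {
    grant {
      grantee {
        id   = "EXAMPLE_CANONICAL_USER_ID"
        type = "CanonicalUser"
      }
      permission = "READ"
    }
    owner {
      id = data.aws_canonical_user_id.current.id
    }
  }
}
'''

# Canned ACLs this check treats as public. authenticated-read is included because
# it grants read to any AWS account, which is effectively public (this example's choice).
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}

RESOURCE_RE = re.compile(r'resource\s+"(aws_s3_bucket(?:_acl)?)"\s+"([\w-]+)"\s*\{')
ACL_RE = re.compile(r'^\s*acl\s*=\s*"([^"]*)"', re.MULTILINE)


def _block_body(text, start):
    """Return the text between the '{' at `start` and its matching '}'.
    Simplified: braces inside strings or heredocs are not skipped."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def find_public_canned_acls(tf_source):
    """Return one finding per aws_s3_bucket / aws_s3_bucket_acl resource whose
    `acl` attribute is a public canned ACL."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        rtype, rname = m.group(1), m.group(2)
        body = _block_body(tf_source, m.end() - 1)  # m.end()-1 is the '{'
        for acl in ACL_RE.findall(body):
            if acl in PUBLIC_CANNED_ACLS:
                findings.append({
                    "resource": f"{rtype}.{rname}",
                    "acl": acl,
                    "rule": "GG_IAC_0057",
                    "severity": "HIGH",
                })
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_TF),
                       ("private", FIXED_TF),
                       ("grantee", GRANTEE_TF)):
        print(label, find_public_canned_acls(src))
```

The explicit-grantee form produces no finding because it carries no `acl` attribute at all; a complete check would additionally inspect `grantee` blocks for the AllUsers and AuthenticatedUsers group URIs, which this example leaves out.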