S3 Bucket Access to Any Principal
- Query id: 3ab1f27d-52cc-4943-af1d-43c1939e739a
- Query name: S3 Bucket Access to Any Principal
- Platform: Ansible
- Severity: High
- Category: Access Control
- URL: Github
Description¶
Checks if the S3 bucket is accessible for all users
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
- name: Create a simple s3 bucket with a policy
amazon.aws.s3_bucket:
name: mys3bucket
policy:
Version: "2012-10-17"
Id: "sqspolicy"
Statement:
- Sid: First
Effect: Allow
Principal: "*"
Action: "*"
Resource: ${aws_sqs_queue.q.arn}
Condition:
ArnEquals:
aws:SourceArn: ${aws_sns_topic.example.arn}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Create a simple s3 bucket with a policy
amazon.aws.s3_bucket:
name: mys3bucket
policy:
Version: '2012-10-17'
Id: sqspolicy
Statement:
- Sid: First
Effect: Deny
Principal: '*'
Action: '*'
Resource: ${aws_sqs_queue.q.arn}
Condition:
ArnEquals:
aws:SourceArn: ${aws_sns_topic.example.arn}