S3 Bucket ACL Allows Read to Any Authenticated User

• Query id: 75480b31-f349-4b9a-861f-bce19588e674
• Query name: S3 Bucket ACL Allows Read to Any Authenticated User
• Platform: Ansible
• Severity: High
• Category: Access Control
• URL: Github

Description

S3 Buckets should not be readable to any authenticated user
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

---
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: authenticated-read

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private