S3 Bucket ACL Allows Read to Any Authenticated User

  • Query id: 75480b31-f349-4b9a-861f-bce19588e674
  • Query name: S3 Bucket ACL Allows Read to Any Authenticated User
  • Platform: Ansible
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

S3 buckets should not be readable by any authenticated user. The `authenticated-read` canned ACL grants read access to the AWS `AuthenticatedUsers` group, which is every AWS account holder, not only principals in your own account, so it is effectively public to anyone with an AWS login.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: authenticated-read

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private
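The following is an added example, not KICS's own query (which is written in Rego) and not code from the page: a small Ruby checker, using only the standard-library YAML parser, that walks an Ansible playbook and reports `amazon.aws.aws_s3` / `aws_s3` tasks whose `permission` grants read to any authenticated user. It goes slightly beyond the page's case by also flagging the `public-read` and `public-read-write` canned ACLs and by handling `permission` given as a list, as the module accepts. The three playbooks below are constructed sample input; the task and bucket names are illustrative.

```ruby
require 'yaml'

# Canned ACLs that grant read to principals outside the bucket owner's account.
# 'authenticated-read' is the case this query covers; the public ones are broader.
RISKY_ACLS = %w[authenticated-read public-read public-read-write].freeze

# Module names under which the aws_s3 module can appear in a task.
S3_MODULES = %w[amazon.aws.aws_s3 aws_s3].freeze

# Keys that hold nested task lists, in plays and in block/rescue/always groups.
TASK_LIST_KEYS = %w[tasks pre_tasks post_tasks handlers block rescue always].freeze

# Return every task in a parsed playbook, whether the file is a bare task list
# (as in the page's samples) or a list of plays with tasks:, and unwrap blocks.
def collect_tasks(node)
  return [] unless node.is_a?(Array)
  node.flat_map do |item|
    next [] unless item.is_a?(Hash)
    if TASK_LIST_KEYS.any? { |k| item.key?(k) }
      TASK_LIST_KEYS.flat_map { |k| collect_tasks(item[k]) }
    else
      [item]
    end
  end
end

# Parse YAML text and return one finding per aws_s3 task with a risky ACL.
# Each finding is {task:, module:, permissions:} where permissions lists only
# the offending canned ACL names.
def s3_acl_findings(yaml_text)
  doc = YAML.safe_load(yaml_text) || []
  collect_tasks(doc).filter_map do |task|
    mod = S3_MODULES.find { |m| task[m].is_a?(Hash) }
    next unless mod
    perms = Array(task[mod]['permission']) # the module accepts a string or a list
    bad = perms & RISKY_ACLS
    next if bad.empty?
    { task: task['name'], module: mod, permissions: bad }
  end
end

# Constructed sample: the page's positive test.
VULNERABLE_PLAYBOOK = <<~YAML
  ---
  - name: Create an empty bucket2
    amazon.aws.aws_s3:
      bucket: mybucket
      mode: create
      permission: authenticated-read
YAML

# Constructed sample: the page's negative test (no permission, and private).
SAFE_PLAYBOOK = <<~YAML
  - name: Create an empty bucket
    amazon.aws.aws_s3:
      bucket: mybucket
      mode: create
  - name: Create an empty bucket2
    amazon.aws.aws_s3:
      bucket: mybucket
      mode: create
      permission: private
YAML

# Constructed sample: play form, short module name, list-valued permission.
PLAY_FORM_PLAYBOOK = <<~YAML
  - hosts: localhost
    tasks:
      - name: Upload object readable by every AWS account
        aws_s3:
          bucket: mybucket
          object: /report.csv
          src: report.csv
          mode: put
          permission:
            - authenticated-read
            - bucket-owner-full-control
YAML

if __FILE__ == $0
  [VULNERABLE_PLAYBOOK, SAFE_PLAYBOOK, PLAY_FORM_PLAYBOOK].each do |pb|
    findings = s3_acl_findings(pb)
    puts(findings.empty? ? 'no findings' : findings.inspect)
  end
end
```

Point `s3_acl_findings` at the contents of any playbook file; a non-empty result means a task sets an ACL that reaches beyond the bucket owner's account, and the fix is to drop `permission` (the module defaults to private) or set it to `private`.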