S3 Bucket Allows Public ACL
- Query id: 48f100d9-f499-4c6d-b2b8-deafe47ffb26
- Query name: S3 Bucket Allows Public ACL
- Platform: CloudFormation
- Severity: Medium
- Category: Access Control
- URL: Github
Description¶
S3 bucket allows public ACL
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
Resources:
Bucket11:
Type: AWS::S3::Bucket
Properties:
---
Resources:
Bucket12:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicPolicy : true
IgnorePublicAcls : true
RestrictPublicBuckets : true
---
Resources:
Bucket13:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: false
BlockPublicPolicy : true
IgnorePublicAcls : true
RestrictPublicBuckets : true
Positive test num. 2 - json file
{
"Resources": {
"Bucket1": {
"Type": "AWS::S3::Bucket",
"Properties": {
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": false,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"AccessControl": "Private"
}
}
}
}