S3 Bucket Allows Public Policy
- Query id: 860ba89b-b8de-4e72-af54-d6aee4138a69
- Query name: S3 Bucket Allows Public Policy
- Platform: CloudFormation
- Severity: High
- Category: Access Control
- URL: Github
Description¶
S3 bucket allows public policy
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
Resources:
Bucket11:
Type: AWS::S3::Bucket
Properties:
---
Resources:
Bucket12:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
RestrictPublicBuckets : true
---
Resources:
Bucket13:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: false
BlockPublicPolicy : false
IgnorePublicAcls : false
RestrictPublicBuckets : true
Positive test num. 2 - json file
{
"Resources": {
"Bucket1": {
"Type": "AWS::S3::Bucket",
"Properties": {
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": false,
"BlockPublicPolicy": false,
"IgnorePublicAcls": false,
"RestrictPublicBuckets": true
},
"AccessControl": "Private"
}
}
}
}