BOM - AWS S3 Buckets
- Query id: b5d6a2e0-8f15-4664-bd5b-68ec5c9bab83
- Query name: BOM - AWS S3 Buckets
- Platform: CloudFormation
- Severity: Trace
- Category: Bill Of Materials
- URL: Github
Description
A list of S3 resources found. Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Description: Creating S3 bucket
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl
      BucketName: jenkins-artifacts
      VersioningConfiguration:
        Status: Enabled
      Tags:
        - Key: CostCenter
          Value: ITEngineering
        - Key: Type
          Value: CICD
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: 'aws:kms'
              KMSMasterKeyID: KMS-KEY-ARN
  SampleBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - 's3:GetObject'
            Effect: Allow
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref DOC-EXAMPLE-BUCKET
                - /*
            Principal: '*'
            Condition:
              StringLike:
                'aws:Referer':
                  - 'http://www.example.com/*'
                  - 'http://example.net/*'
Positive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
  "Description": "Creating S3 bucket",
  "Resources": {
    "JenkinsArtifacts03": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "jenkins-artifacts",
        "VersioningConfiguration": {
          "Status": "Enabled"
        },
        "Tags": [
          {
            "Key": "CostCenter",
            "Value": "ITEngineering"
          },
          {
            "Key": "Type",
            "Value": "CICD"
          }
        ],
        "AccessControl": "BucketOwnerFullControl"
      }
    }
  }
}