S3 Bucket ACL Allows Read to All Users
- Query id: a1ef9d2e-4163-40cb-bd92-04f0d602a15d
- Query name: S3 Bucket ACL Allows Read to All Users
- Platform: Ansible
- Severity: High
- Category: Access Control
- CWE: 732
- URL: Github
Description
S3 buckets should not be readable by all users: an `amazon.aws.aws_s3` task that sets `permission` to `public-read` or `public-read-write` applies a canned ACL granting read access to everyone.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file

```yaml
---
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read-write
```
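As an added example (not part of the KICS query or the Ansible collection), the check above written as a small Python scanner over a playbook's task list: it flags tasks whose S3 ACL grants read to all users, handles `permission` given as a string or a list, and shows the corrected (private) task beside it. It assumes the playbook has already been loaded with PyYAML into dicts and that the short name, the FQCN and the newer `amazon.aws.s3_object` name should all be treated as the same module.

```python
import copy

# Keys under which a playbook task can invoke the S3 module: the short name,
# its FQCN and the newer s3_object name (assumption: treat all three alike).
S3_MODULES = {"aws_s3", "amazon.aws.aws_s3", "amazon.aws.s3_object"}
# Canned ACLs that grant READ to the AllUsers grantee, i.e. to anyone.
PUBLIC_READ_ACLS = {"public-read", "public-read-write"}

# Constructed sample: the page's two positive-test tasks plus one compliant
# task, as the dicts PyYAML would produce when loading that playbook.
SAMPLE_TASKS = [
    {"name": "Create an empty bucket",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "public-read"}},
    {"name": "Create an empty bucket2",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "public-read-write"}},
    {"name": "Create a private bucket",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "private"}},
]

def s3_module_key(task):
    """Return the key under which this task invokes the S3 module, or None."""
    return next((k for k in task if k in S3_MODULES and isinstance(task[k], dict)), None)

def public_read_acls(task):
    """Return the public-read canned ACLs the task sets (empty set if none)."""
    key = s3_module_key(task)
    if key is None:
        return set()
    # `permission` may be one ACL or a list; absent means the module default, private.
    perm = task[key].get("permission", "private")
    perms = perm if isinstance(perm, list) else [perm]
    return PUBLIC_READ_ACLS & {str(p) for p in perms}

def scan_tasks(tasks):
    """List every task whose ACL makes the bucket readable by all users."""
    return [{"task": task.get("name", "<unnamed>"), "acls": sorted(acls)}
            for task in tasks if (acls := public_read_acls(task))]

def remediate(task):
    """Return a copy of the task with the bucket ACL reset to private."""
    fixed = copy.deepcopy(task)
    key = s3_module_key(fixed)
    if key is not None:
        fixed[key]["permission"] = "private"
    return fixed
```

Running `scan_tasks(SAMPLE_TASKS)` reports the two public tasks and nothing for the private one; `remediate` yields the form the query accepts.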