S3 Bucket ACL Allows Read to All Users

  • Query id: a1ef9d2e-4163-40cb-bd92-04f0d602a15d
  • Query name: S3 Bucket ACL Allows Read to All Users
  • Platform: Ansible
  • Severity: High
  • Category: Access Control
  • CWE: 732
  • URL: Github

Description

S3 buckets should not be readable by all users, which is what the `public-read` and `public-read-write` canned ACLs grant.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read-write

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
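As an added example (not code from the KICS query or its test files), the following Python checker applies this rule to a playbook that has already been parsed from YAML (for instance with `yaml.safe_load`); the playbook below is constructed from the samples above plus a few edge cases, and the checker assumes the module's `permission` argument may be a string or a list and that the module may also appear under its short name `aws_s3`.

```python
from __future__ import annotations
from typing import Any

# Canned ACLs that grant READ (or more) to the AllUsers group, i.e. anonymous access.
PUBLIC_ACLS = {"public-read", "public-read-write"}

# Module names under which the aws_s3 task can appear in a playbook (assumption).
S3_MODULE_NAMES = ("amazon.aws.aws_s3", "aws_s3")

# Constructed playbook, as it would look after yaml.safe_load.
# The first three tasks mirror the page's samples; the rest cover edge cases.
PLAYBOOK: list[dict[str, Any]] = [
    {"name": "Create an empty bucket",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "public-read"}},
    {"name": "Create an empty bucket2",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "public-read-write"}},
    {"name": "Create a private bucket",
     "amazon.aws.aws_s3": {"bucket": "mybucket", "mode": "create",
                           "permission": "private"}},
    # permission omitted: the module defaults to private, so this is compliant
    {"name": "Create a bucket with default ACL",
     "aws_s3": {"bucket": "mybucket", "mode": "create"}},
    # permission given as a list: any public entry still exposes the bucket
    {"name": "Create a bucket with mixed ACL list",
     "aws_s3": {"bucket": "otherbucket", "mode": "create",
                "permission": ["private", "public-read"]}},
    {"name": "Unrelated task", "ansible.builtin.debug": {"msg": "noop"}},
]


def public_acls(args: dict[str, Any]) -> list[str]:
    """Return the public canned ACLs requested in one aws_s3 task's arguments."""
    perm = args.get("permission", "private")  # module default is private
    perms = perm if isinstance(perm, list) else [perm]
    return [str(p) for p in perms if str(p) in PUBLIC_ACLS]


def find_public_buckets(tasks: list[dict[str, Any]]) -> list[tuple[str, str, str]]:
    """Scan tasks and return (task name, bucket, offending ACL) findings in order."""
    findings: list[tuple[str, str, str]] = []
    for task in tasks:
        for module in S3_MODULE_NAMES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            for acl in public_acls(args):
                findings.append((task.get("name", "<unnamed>"),
                                 str(args.get("bucket", "<unknown>")), acl))
    return findings


if __name__ == "__main__":
    for name, bucket, acl in find_public_buckets(PLAYBOOK):
        print(f"HIGH: task '{name}' grants '{acl}' on bucket '{bucket}'")
```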