S3 Bucket With Public Access

• Query id: c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9
• Query name: S3 Bucket With Public Access
• Platform: Ansible
• Severity: Critical
• Category: Access Control
• CWE: 284
• URL: Github

Description

S3 Bucket allows public access
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read
- name: Create an empty bucket 01
  amazon.aws.aws_s3:
    bucket: mybucket 01
    mode: create
    permission: public-read-write

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private
- name: Create an empty bucket 02
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create