S3 Bucket With Public Access

  • Query id: c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9
  • Query name: S3 Bucket With Public Access
  • Platform: Ansible
  • Severity: Critical
  • Category: Access Control
  • CWE: 284
  • URL: Github

Description

The S3 bucket allows public access: the aws_s3 task sets permission to public-read or public-read-write.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read
- name: Create an empty bucket 01
  amazon.aws.aws_s3:
    bucket: mybucket 01
    mode: create
    permission: public-read-write

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private
# permission omitted: the module default is private
- name: Create an empty bucket 02
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
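
The check the samples above exercise, as an added example (not the query's own code and not from the KICS project): it walks already-parsed playbook tasks and reports those whose permission includes a public canned ACL. Assumptions: the tasks have been loaded into Python dicts, the short module name aws_s3 is accepted alongside amazon.aws.aws_s3, and the function names and the fifth sample task are hypothetical.

```python
PUBLIC_ACLS = {"public-read", "public-read-write"}
# The page shows amazon.aws.aws_s3; the short module name is an assumption.
S3_MODULES = ("amazon.aws.aws_s3", "aws_s3")


def s3_args(task):
    """Return the aws_s3 argument mapping of a task, or None."""
    for module in S3_MODULES:
        if isinstance(task.get(module), dict):
            return task[module]
    return None


def public_acls(args):
    """Return the public canned ACLs in `permission` (string or list form)."""
    perm = args.get("permission", "private")  # omitted means private
    values = [perm] if isinstance(perm, str) else list(perm or [])
    return [v for v in values if str(v).strip().lower() in PUBLIC_ACLS]


def find_public_buckets(tasks):
    """Return (task name, bucket, public ACLs) for every flagged task."""
    findings = []
    for task in tasks:
        args = s3_args(task)
        acls = public_acls(args) if args else []
        if acls:
            findings.append((task.get("name"), args.get("bucket"), acls))
    return findings


# The page's four sample tasks as parsed playbook data, plus one constructed
# task (hypothetical names) that uses the list form of `permission`.
SAMPLE_TASKS = [
    {"name": "Create an empty bucket", "amazon.aws.aws_s3":
        {"bucket": "mybucket", "mode": "create", "permission": "public-read"}},
    {"name": "Create an empty bucket 01", "amazon.aws.aws_s3":
        {"bucket": "mybucket 01", "mode": "create", "permission": "public-read-write"}},
    {"name": "Create an empty bucket", "amazon.aws.aws_s3":
        {"bucket": "mybucket", "mode": "create", "permission": "private"}},
    {"name": "Create an empty bucket 02", "amazon.aws.aws_s3":
        {"bucket": "mybucket", "mode": "create"}},
    {"name": "Constructed list form", "aws_s3":
        {"bucket": "examplebucket", "mode": "create",
         "permission": ["private", "public-read"]}},
]

if __name__ == "__main__":
    for name, bucket, acls in find_public_buckets(SAMPLE_TASKS):
        print(f"{name}: bucket {bucket!r} requests {', '.join(acls)}")
```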