S3 Bucket Without Restriction Of Public Bucket
- Query id: 350cd468-0e2c-44ef-9d22-cfb73a62523c
- Query name: S3 Bucket Without Restriction Of Public Bucket
- Platform: CloudFormation
- Severity: Medium
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description
S3 bucket without restriction of public bucket
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
Resources:
  Bucket11:
    Type: AWS::S3::Bucket
    Properties:
---
Resources:
  Bucket12:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicPolicy : true
---
Resources:
  Bucket13:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: false
        BlockPublicPolicy : true
        IgnorePublicAcls : false
        RestrictPublicBuckets : false
```
Positive test num. 2 - json file
```json
{
  "Resources": {
    "Bucket1": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": false,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": false,
          "RestrictPublicBuckets": false
        },
        "AccessControl": "Private"
      }
    }
  }
}
```
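The samples above fail in three ways: no `PublicAccessBlockConfiguration`, no `RestrictPublicBuckets` key, and `RestrictPublicBuckets` set to false. The following is an added example, not the query's own implementation, that checks a parsed template for those three conditions. The rule is inferred from the samples; the function names, the `GoodBucket` and `Topic` resources, and the acceptance of the string `"true"` are assumptions.

```python
import json

# Constructed sample: JSON form of the three failing YAML cases above, plus a
# compliant bucket and a non-S3 resource that are not from the page.
TEMPLATE = json.loads("""
{
  "Resources": {
    "Bucket11": {"Type": "AWS::S3::Bucket", "Properties": null},
    "Bucket12": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"BlockPublicPolicy": true}}},
    "Bucket13": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": false, "BlockPublicPolicy": true,
        "IgnorePublicAcls": false, "RestrictPublicBuckets": false}}},
    "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "BlockPublicPolicy": true,
        "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")


def is_enabled(value):
    """True only for boolean true or the string "true" (assumed equivalent)."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def find_unrestricted_buckets(template):
    """Return {logical_id: reason} for buckets lacking RestrictPublicBuckets: true."""
    findings = {}
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::S3::Bucket":
            continue
        # An empty "Properties:" key parses as null, so fall back to {}.
        props = res.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration")
        if not isinstance(pab, dict):
            findings[name] = "PublicAccessBlockConfiguration is not defined"
        elif "RestrictPublicBuckets" not in pab:
            findings[name] = "RestrictPublicBuckets is not defined"
        elif not is_enabled(pab["RestrictPublicBuckets"]):
            # Also reached for intrinsic functions, which need manual review.
            findings[name] = "RestrictPublicBuckets is not true"
    return findings


if __name__ == "__main__":
    for bucket, reason in find_unrestricted_buckets(TEMPLATE).items():
        print(f"{bucket}: {reason}")
```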