S3 Bucket ACL Allows Read to All Users

• Query id: a1ef9d2e-4163-40cb-bd92-04f0d602a15d
• Query name: S3 Bucket ACL Allows Read to All Users
• Platform: Ansible
• Severity: High
• Category: Access Control
• URL: Github

Description

S3 Buckets should not be readable to all users
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: public-read-write

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create an empty bucket
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create
    permission: private
- name: Create an empty bucket2
  amazon.aws.aws_s3:
    bucket: mybucket
    mode: create