S3 Access block should restrict public bucket to limit access
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | s3 |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The S3 bucket's public access block configuration does not restrict public bucket policies, so anyone can access the bucket if a public policy is attached to it. Without `restrict_public_buckets` enabled, the other public access controls can be bypassed by a public bucket policy, exposing the bucket's data to the internet.
Impact
If exploited, unauthorized users could access sensitive data stored in the S3 bucket, leading to data leakage, compliance violations, or potential misuse of information. Publicly accessible buckets are a common target for attackers and can result in significant data breaches.
Resolution
Limit access to public buckets to only the bucket owner or AWS services (e.g. CloudFront) by setting `restrict_public_buckets` to true in the bucket's public access block.
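The following Terraform is an added example, not code from the rule's source: it shows the public access block that triggers this finding next to the corrected one. Bucket names and resource labels are placeholders.

```terraform
# Constructed example: two buckets, one with the omission this rule flags and
# one with the corrected public access block.

resource "aws_s3_bucket" "insecure" {
  bucket = "example-insecure-bucket-placeholder"
}

# Non-compliant: restrict_public_buckets is omitted, so it defaults to false.
# A public bucket policy attached to this bucket would still grant access
# to everyone, regardless of the other three settings.
resource "aws_s3_bucket_public_access_block" "insecure" {
  bucket = aws_s3_bucket.insecure.id

  block_public_acls   = true
  block_public_policy = true
  ignore_public_acls  = true
  # restrict_public_buckets not set -> false
}

resource "aws_s3_bucket" "secure" {
  bucket = "example-secure-bucket-placeholder"
}

# Compliant: with restrict_public_buckets = true, S3 ignores any public
# bucket policy and limits access to the bucket owner and AWS services
# (for example CloudFront), which is the resolution this rule asks for.
resource "aws_s3_bucket_public_access_block" "secure" {
  bucket = aws_s3_bucket.secure.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

On a deployed bucket, `aws s3api get-public-access-block --bucket <name>` shows the effective settings; the finding is resolved when `RestrictPublicBuckets` is `true`.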