Prowler Documentation
S3 policies

    Ensure bucket ACL does not grant READ permission to everyone

    Ensure AWS S3 bucket is not publicly writable

    Ensure bucket ACL does not grant READ_ACP permission to everyone

    Ensure bucket ACL does not grant WRITE_ACP permission to everyone

    Ensure bucket ACL does not grant FULL_CONTROL permission to everyone

    Ensure bucket ACL does not grant READ permission to AWS users

    Ensure bucket ACL does not grant WRITE permission to AWS users

    Ensure bucket ACL does not grant READ_ACP permission to AWS users

    Ensure bucket ACL does not grant WRITE_ACP permission to AWS users

    Ensure bucket ACL does not grant FULL_CONTROL permission to AWS users

    Ensure S3 bucket policy does not grant Allow permission to everyone

    Ensure AWS access logging is enabled on S3 buckets

    Ensure data stored in the S3 bucket is securely encrypted at rest

    Ensure data is transported from the S3 bucket securely

    Ensure AWS S3 object versioning is enabled

    Ensure bucket policy does not grant Write permissions to public

    Ensure S3 bucket has block public ACLS enabled

    Ensure S3 bucket BlockPublicPolicy is set to True

    Ensure S3 bucket IgnorePublicAcls is set to True

    Ensure S3 bucket RestrictPublicBucket is set to True

    Ensure S3 bucket does not allow an action with any Principal

    Ensure S3 bucket MFA Delete is enabled

    Ensure S3 bucket modifications can be detected

    Copyright © ProwlerPro Inc.