Bucket policy grants Write permissions to public
Description
S3 bucket policies can grant public permissions on the bucket they are attached to. A misconfigured policy can allow public Write access to the bucket. Granting public Write permissions to a bucket may expose you to storage abuse, unexpected charges, or the storage of malicious files.
Fix - Runtime
AWS Console
To change the policy using the AWS Console, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Open the Amazon S3 console.
- Navigate to the S3 service, then click on the bucket violating this check.
- Navigate to the Permissions section.
- Select Bucket Policy.
- Look for a statement that allows write access to everyone, either through s3:Put actions or through s3:* actions, such as the following statement:
```json
{
  "Sid": "BadPractice",
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:*",
  "Resource": "<YOUR_BUCKET_ARN>"
}
```
- To apply the policy to the bucket, click Save.
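The same review can be scripted against an exported policy document. The following is an added example, not part of the original page or of any vendor tooling: it flags Allow statements whose Principal is public and whose Action pattern covers an s3:Put action. The sample policy, bucket name, account ID and function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Representative s3:Put* actions used to probe Action patterns (not exhaustive).
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:PutBucketPolicy")

# Constructed sample policy; bucket name and account ID are placeholders.
SAMPLE_POLICY = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "BadPractice", "Effect": "Allow", "Principal": "*",
   "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "PartnerUpload", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "PublicUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:GetObject", "s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"}
]}
"""

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # Anonymous access is written as "*" or {"AWS": "*"}.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _allows_write(actions):
    # IAM action names are case-insensitive and support the * and ? wildcards.
    return any(fnmatchcase(w.lower(), a.lower())
               for a in _as_list(actions) for w in WRITE_ACTIONS)

def public_write_statements(policy_json):
    """Return the Sid (or index) of each Allow statement granting public write."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        # Statements using NotAction or NotPrincipal are not evaluated here.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if _is_public(stmt.get("Principal")) and _allows_write(stmt["Action"]):
            sid = stmt.get("Sid", "statement[%d]" % i)
            # A Condition can narrow the grant, so mark it for manual review.
            findings.append(sid + (" (conditional)" if "Condition" in stmt else ""))
    return findings

if __name__ == "__main__":
    print(public_write_statements(SAMPLE_POLICY))
```

Statements reported with "(conditional)" carry a Condition block that may restrict the grant and need a manual look before they are treated as public.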