This rule ensures S3 buckets restrict public read access for enhanced security.

| Rule | S3 buckets should prohibit public read access |
| --- | --- |
| Framework | FedRAMP Low Revision 4 |
| Severity | Medium |
Rule Description:
The rule specifies that S3 buckets must prohibit public read access for FedRAMP Low Revision 4 compliance. This means that the bucket must not allow anonymous access to read or download any of the objects stored within it.
Troubleshooting Steps:
Necessary Codes:
There are no specific codes for troubleshooting this rule, as it involves reviewing and configuring access control settings within the AWS Management Console or using AWS CLI commands.
Step-by-step Guide for Remediation:
AWS Management Console:
AWS CLI:

1. List the buckets in the account:
   `aws s3api list-buckets`
2. Review the ACL of each bucket for grants to the AllUsers or AuthenticatedUsers groups:
   `aws s3api get-bucket-acl --bucket <bucket-name>`
3. Reset the bucket ACL so that only the owner has access:
   `aws s3api put-bucket-acl --bucket <bucket-name> --acl private`
4. List the objects in the bucket, since objects carry their own ACLs:
   `aws s3api list-objects --bucket <bucket-name>`
5. Reset the ACL of any publicly readable object:
   `aws s3api put-object-acl --bucket <bucket-name> --key <object-key> --acl private`

Note: Make sure to replace `<bucket-name>` and `<object-key>` with appropriate values. By following these steps, you will ensure that the S3 bucket complies with the rule and prohibits public read access as required for FedRAMP Low Revision 4 compliance.
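As an added example (not part of the original rule page or any AWS tooling), the following script evaluates the JSON that `aws s3api get-bucket-acl` or `get-object-acl` returns for grants to the AllUsers or AuthenticatedUsers groups and prints the matching `put-bucket-acl` / `put-object-acl` remediation from the steps above. It checks only the ACL path covered by those commands, not bucket policies or Block Public Access settings; the sample ACL, owner ID and script name `check_acl.py` are constructed for illustration.

```python
import json
import sys

# Group grantees that make a grant "public": AllUsers is anonymous access,
# AuthenticatedUsers is any AWS account, which AWS also treats as public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that allow reading the bucket listing or object data.
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}


def public_read_grants(acl):
    """Return (group, permission) pairs from a get-bucket-acl / get-object-acl
    result that grant read access to a public group. Empty list = compliant."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # owner and other canonical-user grants are not public
        if grantee.get("URI") in PUBLIC_GROUP_URIS and grant.get("Permission") in READ_PERMISSIONS:
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return findings


def remediation_command(bucket, key=None):
    """Build the put-bucket-acl / put-object-acl call that resets the ACL to private."""
    if key is None:
        return f"aws s3api put-bucket-acl --bucket {bucket} --acl private"
    return f"aws s3api put-object-acl --bucket {bucket} --key {key} --acl private"


# Constructed sample in the shape of `aws s3api get-bucket-acl` output;
# the owner ID is a placeholder, not a real canonical ID.
SAMPLE_ACL = {
    "Owner": {"DisplayName": "example-owner", "ID": "EXAMPLE-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    # Usage: aws s3api get-bucket-acl --bucket <bucket-name> | python3 check_acl.py <bucket-name> [<object-key>]
    acl = SAMPLE_ACL if sys.stdin.isatty() else json.load(sys.stdin)
    bucket = sys.argv[1] if len(sys.argv) > 1 else "<bucket-name>"
    key = sys.argv[2] if len(sys.argv) > 2 else None
    for group, perm in public_read_grants(acl):
        print(f"NON-COMPLIANT: {group} has {perm}; run: {remediation_command(bucket, key)}")
```

Run without piped input it evaluates the constructed sample and reports the AllUsers READ grant.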