Rule: S3 Buckets Should Prohibit Public Write Access

This rule ensures S3 buckets do not allow public write access, enhancing security.

Rule: S3 buckets should prohibit public write access
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Rule Description:

The rule states that S3 buckets should prohibit public write access, as required under the Federal Financial Institutions Examination Council (FFIEC) framework. This rule aims to ensure the security and privacy of sensitive financial data and the compliance of S3 buckets with regulatory requirements.

Troubleshooting Steps:

No troubleshooting steps provided for this rule.

Remediation Steps:

To enforce the prohibition of public write access for FFIEC in S3 buckets, follow the step-by-step guide below:

Step 1: Access AWS Management Console

Access the AWS Management Console using your credentials.

Step 2: Navigate to S3

Navigate to the S3 service by selecting it from the list of AWS services available.

Step 3: Select the Target S3 Bucket

Select the S3 bucket that needs to be updated to prohibit public write access for FFIEC.

Step 4: Open Bucket Permissions

Within the S3 bucket, locate the "Permissions" tab or section and click on it to open the permissions settings.

Step 5: Edit Bucket Policy

In the permissions settings, find the "Bucket Policy" option and click on it to open the policy editor.

Step 6: Add or Update Bucket Policy

Add or update the bucket policy with the following code snippet to prohibit public write access for FFIEC.

{
  "Version": "2012-10-17",
  "Id": "FFIECProhibitPublicWriteAccessPolicy",
  "Statement": [
    {
      "Sid": "DenyPublicWriteAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Condition": {
        "StringEquals": {
          "aws:UserAgent": "FFIEC Browser"
        }
      }
    }
  ]
}

Replace "your-bucket-name" with the actual name of your S3 bucket.

Step 7: Save the Bucket Policy

Save the bucket policy to apply the changes.

Step 8: Verify the Configuration

Verify the configuration by testing access to the S3 bucket with public write permissions using the FFIEC browser user agent. Ensure that bucket writes are denied.

Additional Notes:

  • It is recommended to regularly review and audit the permissions and policies of S3 buckets to maintain the desired security posture.
  • Verify the effectiveness of the bucket policy by testing various scenarios and user agents.
  • Ensure that only authorized users or services have write access to the S3 bucket.
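
For the review and audit recommended in Step 8 and the notes above, the following added example (not part of the original page or any Cloud Defense tooling) checks a bucket policy document and a list of ACL grants offline for public write grants. The function names and sample inputs are assumptions constructed for illustration; the ACL grant shape follows the S3 GetBucketAcl response. A Deny that carries a Condition, like the one in Step 6, applies only to requests matching that condition, so the check does not count Deny statements as removing a grant.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 "everyone" group
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

# Constructed inputs. PAGE_POLICY mirrors the Step 6 policy; the rest are made up.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyPublicWriteAccess", "Effect": "Deny", "Principal": "*",
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*",
    "Condition": {"StringEquals": {"aws:UserAgent": "FFIEC Browser"}}}]}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "PublicUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::your-bucket-name/*"}}
OPEN_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"}]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"}, including "*" inside a list."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def _is_write(action):
    """Simplified match: wildcards plus the s3:Put* and s3:Delete* families."""
    a = action.lower()
    return a in ("*", "s3:*") or a.startswith(("s3:put", "s3:delete"))

def public_write_findings(policy, acl_grants=()):
    """Return a list of findings; empty means no public write grant was found."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_public(st.get("Principal")):
            continue  # Deny statements are deliberately not treated as mitigation
        writes = [a for a in _as_list(st.get("Action", [])) if _is_write(a)]
        if writes:
            note = " (conditional, review manually)" if st.get("Condition") else ""
            sid = st.get("Sid", "<no Sid>")
            findings.append(f"policy {sid}: public Allow of {', '.join(writes)}{note}")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri == ALL_USERS and grant.get("Permission") in WRITE_ACL_PERMS:
            findings.append(f"acl: AllUsers granted {grant['Permission']}")
    return findings

if __name__ == "__main__":
    for name, args in [("page policy + open ACL", (PAGE_POLICY, OPEN_ACL)),
                       ("open policy", (OPEN_POLICY,))]:
        print(name, "->", public_write_findings(*args))
```

To audit a live bucket, pass in the parsed policy JSON and the `Grants` list exported from the bucket's policy and ACL.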
