This rule ensures S3 buckets do not allow public write access, enhancing security.
Rule | S3 buckets should prohibit public write access |
Framework | Federal Financial Institutions Examination Council (FFIEC) |
Severity | ✔ High |
Rule Description:
The rule requires that no S3 bucket grants write access (for example s3:PutObject, s3:PutObjectAcl or s3:DeleteObject) to the public, meaning to anonymous callers or to any AWS account, whether through a bucket policy whose Principal is "*" or through an ACL grant to the AllUsers or AuthenticatedUsers group. It is listed here as a control under the Federal Financial Institutions Examination Council (FFIEC) framework; the control itself is not specific to FFIEC users or tooling. A world-writable bucket lets anyone overwrite, delete or plant objects, which threatens the integrity of the financial data stored there and the bucket's compliance with regulatory requirements.
Troubleshooting Steps:
To determine whether a bucket currently allows public write access, run the following checks (standard AWS CLI s3api calls; replace your-bucket-name with the bucket under review):
Check 1: aws s3api get-bucket-policy-status --bucket your-bucket-name reports "IsPublic": true when the bucket policy grants access to anonymous or all-account principals.
Check 2: aws s3api get-bucket-acl --bucket your-bucket-name lists the ACL grants; any WRITE or FULL_CONTROL grant to a group URI ending in /groups/global/AllUsers or /groups/global/AuthenticatedUsers is public write access.
Check 3: aws s3api get-public-access-block --bucket your-bucket-name shows whether the four Block Public Access settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets) are enabled; if no configuration exists the call fails with NoSuchPublicAccessBlockConfiguration, which means none of them is in force at the bucket level.
Check 4: The AWS Config managed rule s3-bucket-public-write-prohibited evaluates the same condition continuously and marks affected buckets NON_COMPLIANT.
Remediation Steps:
To remediate a bucket that allows public write access, follow the step-by-step guide below. The goal is to turn on S3 Block Public Access and to remove any bucket policy statement or ACL grant that gives write permissions to everyone; the Deny statement added at the end is a guard, not the fix on its own.
Step 1: Access AWS Management Console
Sign in to the AWS Management Console with credentials that are permitted to change the bucket's permissions (s3:PutBucketPublicAccessBlock, s3:PutBucketAcl and s3:PutBucketPolicy).
Step 2: Navigate to S3
Open the S3 service from the list of AWS services.
Step 3: Select the Target S3 Bucket
Select the bucket that the rule flagged as allowing public write access.
Step 4: Open Bucket Permissions
Open the "Permissions" tab of the bucket.
Step 5: Block Public Access, Review the ACL and Open the Bucket Policy
Under "Block public access (bucket settings)", choose Edit, select "Block all public access" (this enables BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets) and save. Under "Access control list (ACL)", remove any grant to "Everyone (public access)" or "Authenticated users group (anyone with an AWS account)". Then scroll to "Bucket policy" and choose Edit to open the policy editor.
Step 6: Add or Update Bucket Policy
Delete any Allow statement whose Principal is "*" or {"AWS": "*"} and whose Action includes s3:PutObject, s3:PutObjectAcl, s3:DeleteObject or a wildcard such as s3:*; only Allow statements make a bucket public, a Deny never does. As defence in depth, add the statement below, which denies object writes from any caller outside your own AWS account. It also catches anonymous callers, because an unsigned request carries no aws:PrincipalAccount key and IAM evaluates a negated operator such as StringNotEquals as true when the key is absent. If another account legitimately writes to the bucket, list that account ID in the condition value as well. Do not use an unconditional Deny with Principal "*": that would block your own principals too.
{
  "Version": "2012-10-17",
  "Id": "FFIECProhibitPublicWriteAccessPolicy",
  "Statement": [
    {
      "Sid": "DenyWriteFromOutsideAccount",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalAccount": "111122223333"
        }
      }
    }
  ]
}
Replace "your-bucket-name" with the name of your S3 bucket and "111122223333" with your 12-digit AWS account ID. An earlier version of this statement denied s3:PutObject only when the request carried the User-Agent "FFIEC Browser". The User-Agent header is chosen by the client and can be set to anything, so that condition left every other public write untouched and did not satisfy the rule.
Step 7: Save the Bucket Policy
Save the bucket policy to apply the changes.
Step 8: Verify the Configuration
Verify the configuration from outside the account with an unsigned request, for example curl -sS -o /dev/null -w '%{http_code}\n' -X PUT --data 'probe' https://your-bucket-name.s3.your-region.amazonaws.com/probe.txt, and confirm that the response is 403 (AccessDenied). Then run aws s3api get-bucket-policy-status --bucket your-bucket-name and confirm "IsPublic": false, run aws s3api get-public-access-block --bucket your-bucket-name and confirm all four settings are true, and check that the AWS Config rule s3-bucket-public-write-prohibited reports the bucket as COMPLIANT. Finally, confirm that a principal in your own account can still upload, so the Deny statement has not blocked legitimate writers.
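Before applying a policy, it is useful to test offline whether an anonymous s3:PutObject would still be allowed by it. The Python script below is an added example, not part of this rule's page or of any AWS tool. It implements a small subset of IAM policy evaluation: Principal "*" or {"AWS": "*"}, Action and Resource wildcards, the StringEquals, StringNotEquals, StringLike and StringNotLike operators with IAM's missing-key rule (a positive operator on an absent key is false, a negated one is true), and explicit-deny-wins. It does not handle NotAction, NotPrincipal, IfExists operators, ACLs or Block Public Access, so it complements rather than replaces IAM Access Analyzer and the Config rule. The request, the three statements and the account ID 111122223333 are constructed; the User-Agent-scoped Deny reproduces the defective statement this page originally carried, to show why it never blocked a public upload.

```python
"""Offline check: would an anonymous s3:PutObject be allowed by a bucket policy?"""
import fnmatch
import json

# Constructed request: an unsigned upload from an arbitrary internet client.
# Anonymous requests carry no aws:PrincipalAccount, so that key is absent from the context.
ANON_PUT = {
    "action": "s3:PutObject",
    "resource": "arn:aws:s3:::your-bucket-name/uploads/probe.txt",
    "context": {"aws:UserAgent": "curl/8.4.0"},
}


def _as_list(value):
    """Most IAM elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True when a statement applies to anonymous callers: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _glob_any(patterns, value, fold=False):
    """Match value against IAM-style wildcard patterns; actions compare case-insensitively."""
    if fold:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    """Evaluate String(Not)Equals / String(Not)Like with IAM's missing-key semantics:
    an absent key makes a positive operator false and a negated ("Not") operator true."""
    for operator, pairs in (condition or {}).items():
        negated, like = "Not" in operator, "Like" in operator
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                if negated:
                    continue
                return False
            matched = _glob_any(_as_list(expected), actual) if like else actual in _as_list(expected)
            if matched == negated:
                return False
    return True


def evaluate(policy, request):
    """Return "Allow", "Deny" or "ImplicitDeny" for an anonymous request; explicit deny wins."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy.get("Statement")):
        if not _principal_is_everyone(stmt.get("Principal")):
            continue  # statement names specific principals, so it never applies to anonymous callers
        if not _glob_any(_as_list(stmt.get("Action")), request["action"], fold=True):
            continue
        if not _glob_any(_as_list(stmt.get("Resource")), request["resource"]):
            continue
        if not _condition_holds(stmt.get("Condition"), request["context"]):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def decision_for(policy_json):
    return evaluate(json.loads(policy_json), ANON_PUT)


def is_public_write(policy_json):
    """True when the policy lets an anonymous caller write an object."""
    return decision_for(policy_json) == "Allow"


def policy(*statements):
    """Build a policy document from constructed statements."""
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})


# Constructed: the kind of Allow that makes a bucket world-writable.
PUBLIC_ALLOW = {"Sid": "PublicUpload", "Effect": "Allow", "Principal": "*",
                "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*"}

# The defective Deny: it only fires for one client-chosen User-Agent string.
UA_SCOPED_DENY = {"Sid": "DenyPublicWriteAccess", "Effect": "Deny", "Principal": "*",
                  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*",
                  "Condition": {"StringEquals": {"aws:UserAgent": "FFIEC Browser"}}}

# Deny for every caller outside the owning account; anonymous callers have no
# aws:PrincipalAccount, so the negated operator matches them. 111122223333 is a placeholder.
ACCOUNT_SCOPED_DENY = {"Sid": "DenyWriteFromOutsideAccount", "Effect": "Deny", "Principal": "*",
                       "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
                       "Resource": "arn:aws:s3:::your-bucket-name/*",
                       "Condition": {"StringNotEquals": {"aws:PrincipalAccount": "111122223333"}}}

if __name__ == "__main__":
    for label, doc in [("public allow only", policy(PUBLIC_ALLOW)),
                       ("public allow + User-Agent-scoped deny", policy(PUBLIC_ALLOW, UA_SCOPED_DENY)),
                       ("public allow + account-scoped deny", policy(PUBLIC_ALLOW, ACCOUNT_SCOPED_DENY))]:
        print(f"{label}: {decision_for(doc)} (public write: {is_public_write(doc)})")
```

Running the script shows the User-Agent-scoped Deny leaving the public Allow fully effective, while the account-scoped Deny turns the same document into an explicit Deny for the anonymous caller. The real fix remains removing the public Allow and enabling Block Public Access; the evaluator is only a quick sanity check on a policy draft.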
Additional Notes: