Rule: S3 Buckets Should Prohibit Public Write Access

Rule Description:

Troubleshooting Steps:

2. 1.
   Verify Bucket Policies: Check the bucket policies to ensure there are no policies that allow public write access.
4. 2.
   Review Access Control Lists (ACLs): Examine the ACLs of the S3 buckets to confirm that there are no grants or permissions that allow public write access.
6. 3.
   Check Bucket Permissions: Validate the bucket permissions to ensure that there are no publicly writable permissions on the S3 buckets.

Necessary Code:

{
    "Version": "2012-10-17",
    "Id": "DenyPublicWriteAccess",
    "Statement": [
        {
            "Sid": "DenyPublicWriteACL",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

Step-by-step Guide for Remediation:

2. 1.
   Open the AWS Management Console and navigate to the S3 service.
4. 2.
   Select the S3 bucket that needs to be configured.
6. 3.
   Go to the "Permissions" tab.
8. 4.
   Click on the "Bucket Policy" button.
10. 5.
    Replace any existing bucket policy with the provided necessary code.
12. 6.
    Modify the

    "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"

    line, replacing YOUR_BUCKET_NAME with the actual name of your bucket.
14. 7.
    Click "Save" to apply the new bucket policy.
16. 8.
    Verify that public write access is denied by attempting to write an object to the S3 bucket using public permissions. It should result in an "Access Denied" error.
18. 9.
    Monitor the S3 bucket access logs and regularly review the bucket policies to ensure compliance with the prohibition of public write access.