Rule for S3 Buckets Prohibiting Public Read Access

Guideline ensuring S3 buckets restrict public read access for enhanced security measures.

Rule: S3 buckets should prohibit public read access
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

This rule checks that S3 buckets are configured to prohibit public read access, as required by the NIST 800-171 Revision 2 framework. A bucket exposes public read access in two ways: through its ACL, when a READ or FULL_CONTROL grant is given to the AllUsers or AuthenticatedUsers group, and through its bucket policy, when an Allow statement names Principal "*" for a read action such as s3:GetObject or s3:ListBucket. Individual objects can also carry their own public ACL grants, and only the bucket's Block Public Access settings override such grants once they exist, so all three places must be reviewed.

Troubleshooting Steps

  1. Identify all S3 buckets within the AWS environment (for example with aws s3api list-buckets).
  2. Check whether any bucket's ACL grants READ or FULL_CONTROL to the AllUsers or AuthenticatedUsers group (aws s3api get-bucket-acl).
  3. Review each bucket's policy for Allow statements with Principal "*" and a read action, and check whether Block Public Access is enabled for the bucket (aws s3api get-bucket-policy, get-bucket-policy-status and get-public-access-block).
  4. Identify any objects within the buckets whose own ACL grants public read access (aws s3api get-object-acl).
  5. Confirm that the bucket's ACL, policy and Block Public Access settings together prohibit public read access, as the NIST 800-171 Revision 2 framework requires.

Necessary Codes

There is no dedicated code for this rule; it is enforced by configuring the permissions of the S3 bucket through the AWS Management Console or with AWS CLI commands, as described below.

Remediation Steps

  1. Log in to the AWS Management Console or open the AWS CLI.
  2. Identify the S3 bucket that has public read access enabled.
  3. Ensure you have the necessary permissions to modify the bucket's ACL, bucket policy and Block Public Access settings (s3:PutBucketAcl, s3:PutBucketPolicy and s3:PutBucketPublicAccessBlock).
  4. Disable public read access for the identified S3 bucket using one of the following methods:

AWS Management Console

  1. Open the S3 service in the AWS Management Console.
  2. Select the S3 bucket with public read access.
  3. Click on the "Permissions" tab.
  4. Locate the "Access control list (ACL)" section and remove any grants to "Everyone (public access)" or "Authenticated users group (anyone with an AWS account)".
  5. In the "Bucket policy" section, remove any statement that allows a read action to Principal "*".
  6. Under "Block public access (bucket settings)", enable all four options so that public ACLs and policies cannot be reintroduced.
  7. Save the changes.

AWS CLI

  1. Open the AWS CLI on your local machine or a terminal.
  2. Run the following command to reset the bucket's ACL to private, which removes any ACL grants to the AllUsers and AuthenticatedUsers groups:
aws s3api put-bucket-acl --bucket YOUR_BUCKET_NAME --acl private

Replace YOUR_BUCKET_NAME with the name of the bucket you want to modify. Note that this command changes only the bucket ACL: a bucket policy that allows Principal "*" to read must be corrected separately (get-bucket-policy, then put-bucket-policy with the offending statement removed, or delete-bucket-policy), objects with their own public ACL must be reset with put-object-acl, and enabling Block Public Access on the bucket (put-public-access-block) prevents public grants from being reintroduced.

  3. Verify the changes by checking the bucket's ACL again using the following command:
aws s3api get-bucket-acl --bucket YOUR_BUCKET_NAME
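The following Python script is an added example, not Cloud Defense's or AWS's code. It applies the troubleshooting and remediation steps above to the JSON documents that aws s3api get-bucket-acl, get-object-acl and get-bucket-policy return, so it can be run offline against saved CLI output with no credentials. It flags ACL grants to the AllUsers and AuthenticatedUsers groups and policy statements with an anonymous principal and a read action, and produces the AWS CLI commands that would fix them (including Block Public Access). The bucket name, account ID and the sample ACL and policy documents are constructed for illustration; the read-action matching is a deliberately broad heuristic that ignores Condition blocks so that a reviewer, not the script, decides whether a conditioned public statement is acceptable.

```python
"""Offline audit of S3 ACL and bucket-policy JSON for public read access.

Added example (not Cloud Defense's code). Input shapes match the documents
returned by `aws s3api get-bucket-acl` / `get-object-acl` / `get-bucket-policy`.
The sample bucket, account ID and documents at the bottom are constructed.
"""

# ACL grantee URIs meaning "anyone" (AllUsers) or "any AWS account"
# (AuthenticatedUsers); READ or FULL_CONTROL to either is public read.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def acl_public_read_grants(acl):
    """Grants in a get-bucket-acl / get-object-acl document that give public read."""
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
        and g.get("Permission") in READ_PERMISSIONS
    ]


def _principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (alone or inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _action_allows_read(action):
    """Heuristic: wildcards and any s3:Get*/s3:List* action count as read."""
    a = action.lower()
    return a in {"*", "s3:*"} or a.startswith("s3:get") or a.startswith("s3:list")


def policy_public_read_statements(policy):
    """Allow statements with an anonymous principal and an S3 read action.
    Condition blocks are not evaluated on purpose: a conditioned statement is
    still reported so a human reviews it instead of it silently passing."""
    return [
        s for s in _as_list(policy.get("Statement"))
        if s.get("Effect") == "Allow"
        and _principal_is_anonymous(s.get("Principal"))
        and any(_action_allows_read(a) for a in _as_list(s.get("Action")))
    ]


def policy_without_public_read(policy):
    """Copy of the policy with the public-read statements removed."""
    public = policy_public_read_statements(policy)
    kept = [s for s in _as_list(policy.get("Statement")) if s not in public]
    return {**policy, "Statement": kept}


def remediation_commands(bucket, acl, policy=None):
    """AWS CLI commands that remove the public read paths found, followed by
    Block Public Access so they cannot come back. Returned as strings for
    review; nothing is executed here."""
    cmds = []
    if acl_public_read_grants(acl):
        cmds.append(f"aws s3api put-bucket-acl --bucket {bucket} --acl private")
    if policy is not None and policy_public_read_statements(policy):
        if policy_without_public_read(policy)["Statement"]:
            # policy.json is assumed to hold the cleaned policy from above.
            cmds.append(f"aws s3api put-bucket-policy --bucket {bucket} "
                        "--policy file://policy.json")
        else:
            cmds.append(f"aws s3api delete-bucket-policy --bucket {bucket}")
    cmds.append(f"aws s3api put-public-access-block --bucket {bucket} "
                "--public-access-block-configuration "
                "BlockPublicAcls=true,IgnorePublicAcls=true,"
                "BlockPublicPolicy=true,RestrictPublicBuckets=true")
    return cmds


# Constructed sample input: an owner grant plus a public READ grant, and a
# policy with one anonymous s3:GetObject statement beside two legitimate ones.
SAMPLE_BUCKET = "example-bucket"
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLEOWNERID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{SAMPLE_BUCKET}/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",   # Deny: not flagged
         "Action": "s3:*", "Resource": f"arn:aws:s3:::{SAMPLE_BUCKET}/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "UploaderWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/uploader"},
         "Action": ["s3:PutObject"], "Resource": f"arn:aws:s3:::{SAMPLE_BUCKET}/*"},
    ],
}

if __name__ == "__main__":
    for g in acl_public_read_grants(SAMPLE_ACL):
        print("public ACL grant:", g["Permission"], "->", g["Grantee"]["URI"])
    for s in policy_public_read_statements(SAMPLE_POLICY):
        print("public policy statement:", s.get("Sid"))
    print("\n".join(remediation_commands(SAMPLE_BUCKET, SAMPLE_ACL, SAMPLE_POLICY)))
```

To use it against a real account, pipe the output of get-bucket-acl and get-bucket-policy (the Policy field of the latter is a JSON string that must be parsed first) into these functions for each bucket from list-buckets, and run the same acl_public_read_grants check over get-object-acl output for objects in any bucket that is not covered by IgnorePublicAcls. Review the generated commands before running them: put-bucket-acl --acl private is safe, but replacing or deleting a bucket policy can break legitimate consumers that relied on the other statements.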

Conclusion

Following the above steps will ensure that your S3 buckets do not grant public read access through their ACLs or bucket policies, thus meeting the compliance requirements of the NIST 800-171 Revision 2 framework. Periodically review the ACLs, bucket policies and Block Public Access settings of your S3 buckets to ensure ongoing compliance and security.
