
Rule: S3 Buckets Should Prohibit Public Read Access

This rule checks that S3 buckets do not allow public read access to their objects.

Rule: S3 buckets should prohibit public read access
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

The rule ensures that S3 buckets do not allow public read access to meet the security requirements set by NIST 800-53 Revision 5. Public read access allows anyone to access the contents of the S3 bucket, which could lead to unauthorized access or data breaches.

Remediation Steps

To remediate this rule, you need to configure the S3 bucket policies and access control lists (ACLs) to prohibit public read access. Here are step-by-step instructions for accomplishing this:

AWS Management Console

  1. Open the Amazon S3 console.
  2. Select the desired S3 bucket from the list.
  3. Click on the "Permissions" tab.
  4. Under the "Block public access (bucket settings)" section, click on "Edit."
  5. Make sure all the checkboxes are selected, including "Block all public access" and "Block public access to buckets and objects granted through new access control lists (ACLs)."
  6. Click on "Save changes."

AWS CLI

  1. Open the command-line interface on your local machine.
  2. Run the following command to enable the blocking of public access for the S3 bucket:

     aws s3 put-public-access-block --bucket <bucket-name> --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

Make sure to replace <bucket-name> with the actual name of your S3 bucket.

Troubleshooting

If you encounter any issues or errors during the remediation process, here are some troubleshooting steps you can follow:

  1. Verify that you have the necessary permissions to modify S3 bucket policies and ACLs. Make sure you are using an IAM user or role with sufficient permissions.
  2. Double-check the bucket name and ensure it matches the correct bucket you want to modify.
  3. Check if there are conflicting policies or ACLs that may still allow public read access. Review the existing bucket policies and ACLs carefully.
  4. Ensure that your AWS CLI is properly configured with the appropriate credentials.

If you are unable to resolve the issue, consider seeking assistance from AWS support or consulting the AWS documentation for further guidance.

Conclusion

By following the provided remediation steps, you can ensure that your S3 buckets prohibit public read access to meet the security requirements outlined in NIST 800-53 Revision 5. This helps protect your data and ensures compliance with security best practices.
