Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: S3 Buckets Should Prohibit Public Read Access

This rule ensures S3 buckets do not allow public read access, enhancing security measures.

RuleS3 buckets should prohibit public read access
FrameworkNIST Cybersecurity Framework (CSF) v1.1
Severity
Medium

Rule Description:

This rule ensures that all S3 buckets adhere to the security best practice of prohibiting public read access, specifically for compliance with the NIST Cybersecurity Framework (CSF) version 1. The NIST CSF provides guidance and a framework for organizations to assess and improve their cybersecurity practices.

Troubleshooting Steps (if applicable):

If public read access is detected in any S3 bucket, follow these troubleshooting steps to remediate the issue:

  1. 1.

    Identify the S3 bucket with public read access:

    • Go to the AWS Management Console and navigate to the S3 service.
    • Review the list of S3 buckets and look for any buckets marked as having public read access.
  2. 2.

    Audit bucket permissions:

    • Select the bucket with public read access.
    • In the bucket's settings, navigate to the "Permissions" tab.
    • Examine the policies and access controls configured for the bucket.
  3. 3.

    Remove public read access:

    • If any explicit bucket policies or access control lists (ACLs) allow public read access, modify or delete them to remove the permissions.
    • Make sure that only authorized users and services have access to the bucket.
  4. 4.

    Enable default encryption (optional):

    • To further enhance security, enable default encryption for the S3 bucket.
    • This ensures that all objects stored in the bucket are automatically encrypted.
  5. 5.

    Audit other buckets:

    • Repeat the above steps for any other buckets that may have public read access.

Code (if applicable):

There is no specific code provided for this rule, as the remediation steps involve modifying bucket policies and access controls through the AWS Management Console. However, you can use the AWS Command Line Interface (CLI) to automate these steps.

Remediation Steps:

Follow the steps below to remediate the issue using the AWS Management Console:

  1. 1.

    Go to the AWS Management Console and open the S3 service.

  2. 2.

    Identify the S3 bucket with public read access.

  3. 3.

    Select the bucket and click on the "Permissions" tab.

  4. 4.

    Review the bucket policies and access control lists (ACLs) to identify any configurations allowing public read access.

  5. 5.

    Modify or delete any explicit policies or ACLs that provide public read access.

  6. 6.

    Save the changes and verify that the bucket no longer allows public read access.

  7. 7.

    Repeat these steps for any other buckets with public read access.

Note:

Ensuring that S3 buckets prohibit public read access is crucial for maintaining the security and integrity of your data. By adhering to the NIST Cybersecurity Framework (CSF) v1, you establish strong safeguards against unauthorized access and potential data breaches. Regular monitoring of bucket permissions and implementing necessary remediation steps is essential to maintain compliance and protect sensitive information.

Is your System Free of Underlying Vulnerabilities?
Find Out Now