Rule: S3 Buckets Should Prohibit Public Read Access
This rule ensures that S3 buckets do not allow public read access to enhance data security.
| Rule | S3 buckets should prohibit public read access |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ Medium |
Description
This rule pertains to the RBI (Reserve Bank of India) Cyber Security Framework requirements for S3 buckets in the context of Amazon Web Services (AWS). The rule states that S3 buckets should prohibit public read access. This means that the contents of the S3 buckets should not be accessible to the public.
Policy Details
To comply with the RBI Cyber Security Framework requirements, all S3 buckets must have public read access disabled. This rule ensures that sensitive or confidential data stored in S3 buckets cannot be accessed by unauthorized users on the internet.
Public read access to S3 buckets can be misused by attackers to gain unauthorized access to confidential data, which can lead to data leaks, privacy breaches, and potential financial and reputational damage.
By enforcing this policy, you ensure that only authorized users or services can access the data stored in the S3 buckets, reducing the risk of data exposure and unauthorized access.
Troubleshooting Steps
If public read access is found enabled for an S3 bucket, the following troubleshooting steps can be followed to remediate the issue:
- 1.Identify the S3 bucket(s) with public read access enabled. This can be done by inspecting the bucket policies and Access Control Lists (ACLs) associated with each bucket.
- 2.Review the current configuration of the S3 bucket to understand why public read access is allowed.
- 3.Determine if there are any legitimate reasons for enabling public read access. In most cases, it should not be required for compliance with the RBI Cyber Security Framework.
- 4.If there are no legitimate reasons, proceed with the remediation steps.
Remediation Steps
To remediate the issue and ensure that public read access is disabled for the S3 bucket(s), follow these steps:
- 1.Log in to the AWS Management Console.
- 2.Navigate to the S3 service.
- 3.Select the S3 bucket(s) that require remediation.
- 4.Click on the "Permissions" tab.
- 5.Review the bucket policies and Access Control Lists (ACLs) associated with the selected bucket(s).
- 6.Remove any policies or ACL entries that grant public read access.
- 7.Replace the existing policies or ACL entries with more restrictive access controls, allowing access only to authorized users or services.
- 8.Save the changes and validate the updated access controls to ensure public read access has been successfully disabled.
Additional Information
It is also recommended to regularly monitor and audit the S3 bucket configurations for any changes that may introduce public read access. Implementing preventive measures, such as proactive monitoring and automated policy enforcement, can help maintain the integrity and security of S3 bucket configurations over time.
Additionally, it is advisable to educate and train users who have access to AWS resources about the importance of not granting public read access and the potential risks associated with such misconfigurations.