Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: S3 Buckets Should Prohibit Public Write Access

This rule ensures that S3 buckets do not allow public write access, preventing unauthorized modifications.

RuleS3 buckets should prohibit public write access
FrameworkRBI Cyber Security Framework
Severity
High

Rule Description:

According to the RBI Cyber Security Framework, S3 buckets should not allow public write access. This means that any public user or unauthorized entity should not be able to write or upload objects to the S3 bucket.

Troubleshooting Steps:

If public write access is enabled for an S3 bucket, it can pose security risks and may lead to data breaches or unauthorized modifications. To troubleshoot this issue, follow the steps below:

  1. 1.
    Identify the S3 bucket(s) with public write access.
  2. 2.
    Review the bucket policies and access control lists (ACLs) associated with these buckets.
  3. 3.
    Check if any objects within the bucket have public write permissions set.
  4. 4.
    Verify if any IAM policies or roles provide public write access to the bucket.
  5. 5.
    Inspect any associated access logs or CloudTrail logs for indication of unauthorized write attempts.

Necessary Code:

If public write access is found for an S3 bucket, consider using the following AWS CLI command to remove public write permissions:

aws s3api put-bucket-acl --bucket BUCKET_NAME --acl private

Replace

BUCKET_NAME
with the actual name of the bucket.

Step-by-Step Guide for Remediation:

To remediate the issue of public write access for S3 buckets, follow the steps below:

  1. 1.

    List all S3 buckets in your AWS account.

  2. 2.

    Identify the buckets that have public write access.

  3. 3.

    For each bucket:

    a. Review the bucket policy and access control list (ACL) to identify the source of public write access.

    b. Determine if the public write access is intentional or unintentional.

    c. If unintentional, proceed to the next step. Otherwise, ensure that appropriate security measures are in place to prevent unauthorized modifications.

    d. Execute the following command to remove public write access:

    aws s3api put-bucket-acl --bucket BUCKET_NAME --acl private
    

    Replace

    BUCKET_NAME
    with the actual name of the bucket.

    e. Verify that the public write access has been successfully removed.

  4. 4.

    Repeat the above steps for all S3 buckets with public write access.

By following this remediation guide, you will ensure that S3 buckets within your environment comply with the RBI Cyber Security Framework by prohibiting public write access.

Is your System Free of Underlying Vulnerabilities?
Find Out Now