AWS Foundational Security Best Practice
S3.6
S3 permissions granted to other AWS accounts in bucket policies should be restricted
Severity: HIGH
Cloud Platforms: AWS
Resources: Amazon S3
This control checks whether the S3 bucket policy allows sensitive bucket-level or object-level actions from a principal in another AWS account. The control fails if any of the following actions are allowed in the S3 bucket policy for a principal in another AWS account: s3:DeleteBucketPolicy; s3:PutBucketAcl; s3:PutBucketPolicy; s3:PutObjectAcl; and s3:PutEncryptionConfiguration.
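
The check described above can be approximated offline against a bucket policy document. The following is an added example, not AWS's implementation of the control: the function names, the sample policy and its account IDs are constructed, and it assumes the bucket owner's account ID is supplied, treats a wildcard principal as cross-account, and does not evaluate Condition, NotPrincipal or NotAction.

```python
import fnmatch
import re

# The five actions named by the control.
SENSITIVE_ACTIONS = (
    "s3:DeleteBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketPolicy",
    "s3:PutObjectAcl", "s3:PutEncryptionConfiguration",
)

# Constructed sample policy; account IDs and bucket name are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerAcl", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:role/uploader"]},
     "Action": "s3:Put*Acl", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
]}

def _as_list(value):
    """Policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID, "*" for a wildcard, else None."""
    if principal == "*":
        return "*"
    m = re.fullmatch(r"(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?", principal)
    return m.group(1) if m else None

def cross_account_findings(policy, owner_account):
    """Return (sid, principal, action) for each sensitive action that an
    Allow statement grants to a principal outside owner_account."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are out of scope here
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        external = [p for p in aws if _account_of(p) not in (owner_account, None)]
        # IAM action names are case-insensitive and may use * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt["Action"])]
        granted = [a for a in SENSITIVE_ACTIONS
                   if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        findings += [(stmt.get("Sid"), p, a) for p in external for a in granted]
    return findings
```

With the sample policy and owner account 111122223333, only the PartnerAcl statement is reported, because its wildcard action expands to s3:PutBucketAcl and s3:PutObjectAcl for a principal in another account.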