
S3.6

S3 permissions granted to other AWS accounts in bucket policies should be restricted

Severity: HIGH

Cloud Platforms: AWS

Resources: Amazon S3

Related Standards: AWS Foundational Best Practice, CIS v8, NIST CSF, NIST.800-53.r5

Automated: YES

This control checks whether the S3 bucket policy allows sensitive bucket-level or object-level actions from a principal in another AWS account. The control fails if any of the following actions are allowed in the S3 bucket policy for a principal in another AWS account: s3:DeleteBucketPolicy; s3:PutBucketAcl; s3:PutBucketPolicy; s3:PutObjectAcl; and s3:PutEncryptionConfiguration.
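
One way to evaluate a bucket policy document against the rule described above, as an added example (not the vendor's or AWS's own check logic). The function names, account IDs and bucket name are constructed; the code assumes a `*` principal counts as another account and does not evaluate Condition, NotAction or NotPrincipal elements.

```python
import json
import re
from fnmatch import fnmatchcase

# The five actions named in the control description above.
RESTRICTED = ["s3:DeleteBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketPolicy",
              "s3:PutObjectAcl", "s3:PutEncryptionConfiguration"]

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _principal_account(principal):
    """Return the 12-digit account ID of an AWS principal, or None (e.g. '*')."""
    m = re.fullmatch(r"(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?", principal)
    return m.group(1) if m else None

def s36_findings(policy_json, owner_account):
    """List (sid, principal, action) triples that would fail the control."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Only AWS principals are examined; "*" is shorthand for any principal.
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        # Assumption: "*" has no account ID, so it is treated as another account.
        external = [p for p in arns if _principal_account(p) != owner_account]
        # Action names are case-insensitive and may contain wildcards (s3:Put*).
        granted = [a.lower() for a in _as_list(stmt.get("Action"))]
        hits = [r for r in RESTRICTED
                if any(fnmatchcase(r.lower(), a) for a in granted)]
        findings += [(stmt.get("Sid"), p, r) for p in external for r in hits]
    return findings

# Constructed sample policy; account IDs and bucket name are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "PartnerWrite", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:role/partner"]},
     "Action": ["s3:GetObject", "s3:Put*Acl"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for finding in s36_findings(SAMPLE_POLICY, "111122223333"):
        print(finding)
```

With the bucket owner set to 111122223333, only the PartnerWrite statement is reported, because its `s3:Put*Acl` wildcard expands to two of the restricted actions.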

(C) Copyright 2023 6PILLARS CLOUD AUTOMATION PTY LTD
