S3 Policies

  • Ensure bucket ACL does not grant READ permission to everyone
  • Ensure AWS S3 bucket is not publicly writable
  • Ensure bucket ACL does not grant READ_ACP permission to everyone
  • Ensure bucket ACL does not grant WRITE_ACP permission to everyone
  • Ensure bucket ACL does not grant FULL_CONTROL permission to everyone
  • Ensure bucket ACL does not grant READ permission to AWS users
  • Ensure bucket ACL does not grant WRITE permission to AWS users
  • Ensure bucket ACL does not grant WRITE_ACP permission to everyone
  • Ensure bucket ACL does not grant FULL_CONTROL permission to everyone
  • Ensure bucket ACL does not grant READ permission to AWS users
  • Ensure bucket ACL does not grant WRITE permission to AWS users
  • Ensure bucket ACL does not grant READ_ACP permission to AWS users
  • Ensure bucket ACL does not grant WRITE_ACP permission to AWS users
  • Ensure bucket ACL does not grant FULL_CONTROL permission to AWS users
  • Ensure S3 bucket policy does not grant Allow permission to everyone
  • Ensure AWS access logging is enabled on S3 buckets
  • Ensure data stored in the S3 bucket is securely encrypted at rest
  • Ensure data is transported from the S3 bucket securely
  • Ensure AWS S3 object versioning is enabled
  • Ensure bucket policy does not grant Write permissions to public
  • Ensure S3 bucket has block public ACLS enabled
  • Ensure S3 bucket BlockPublicPolicy is set to True
  • Ensure S3 bucket IgnorePublicAcls is set to True
  • Ensure S3 bucket RestrictPublicBucket is set to True
  • Ensure S3 bucket does not allow an action with any Principal
  • Ensure S3 bucket MFA Delete is enabled
  • Ensure S3 bucket modifications can be detected
ReLambda