You must be logged in to view saved presets
Prevent S3 Buckets and Objects from Allowing Public Access.
An S3 Bucket policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the bucket's policy to public read or upload objects to the bucket if the objects have public permissions.
Missing Parameters
{
"Version": "2012-10-17",
"Statement": [
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Deny",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": [
"public-read",
"public-read-write",
"authenticated-read"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Deny",
"Condition": {
"StringLike": {
"s3:x-amz-grant-read": [
"*http://acs.amazonaws.com/groups/global/AllUsers*",
"*http://acs.amazonaws.com/groups/global/AuthenticatedUsers*"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutBucketAcl"
],
"Resource": [
"arn:aws:s3:::"
],
"Effect": "Deny",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": [
"public-read",
"public-read-write",
"authenticated-read"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutBucketAcl"
],
"Resource": [
"arn:aws:s3:::"
],
"Effect": "Deny",
"Condition": {
"StringLike": {
"s3:x-amz-grant-read": [
"*http://acs.amazonaws.com/groups/global/AllUsers*",
"*http://acs.amazonaws.com/groups/global/AuthenticatedUsers*"
]
}
}
}
]
}Actions
Customize Template
* Required field
© 2024 asecurecloud. All rights reserved.