Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
AI CloudAdvisor (Beta)
Configuration Stack0
My Presets
Security Controls
Service Control Policies
Config Rules
CloudWatch Alarms and Event Rules
CloudFormation Guard Rules
Logging & Monitoring Configurations
Backups & DR
Auto Remediation Rules
Conformance Packs
Billing and Cost Management
S3 Bucket Policies
Security Groups & NACLs
IAM Policies
VPC Endpoint PoliciesAWS Services
Guided Walkthroughs
Configuration Packages
Reference Guides
Other
S3 Bucket Policies
Prevent S3 Buckets and Objects from Allowing Public Access.
An S3 Bucket policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the bucket's policy to public read or upload objects to the bucket if the objects have public permissions.
Missing Parameters
{
"Version": "2012-10-17",
"Statement": [
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Deny",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": [
"public-read",
"public-read-write",
"authenticated-read"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Deny",
"Condition": {
"StringLike": {
"s3:x-amz-grant-read": [
"*http://acs.amazonaws.com/groups/global/AllUsers*",
"*http://acs.amazonaws.com/groups/global/AuthenticatedUsers*"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutBucketAcl"
],
"Resource": [
"arn:aws:s3:::"
],
"Effect": "Deny",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": [
"public-read",
"public-read-write",
"authenticated-read"
]
}
}
},
{
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutBucketAcl"
],
"Resource": [
"arn:aws:s3:::"
],
"Effect": "Deny",
"Condition": {
"StringLike": {
"s3:x-amz-grant-read": [
"*http://acs.amazonaws.com/groups/global/AllUsers*",
"*http://acs.amazonaws.com/groups/global/AuthenticatedUsers*"
]
}
}
}
]
}Actions
Customize Template
* Required field
Upgrade to Premium for More Features
Configuration Packages
Pre-built packages for common configuration
Common SCPs
CloudFormation Guard Rules
Auto Remediation Rules
IAM Monitoring & Compliance
All Packages
Automated Assessments
- 350+ security checks
- Well-architected reviews
- Detailed compliance reports
- Remediation templates
- Email summaries
- Learn more