Ensure bucket policy does not grant Write permissions to public

Error: Bucket policy grants Write permissions to public

Bridgecrew Policy ID: BC_AWS_S3_18
Severity: CRITICAL

Bucket policy grants Write permissions to public

Description

S3 policies allow setting public permissions for the bucket they are attached to. Misconfiguration could lead to these policies allowing public Write access to the bucket. Granting public Write permissions to a bucket may expose you to abuse of storage, lead to unexpected charges, or storage of malicious files.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.

  2. Open the Amazon S3 console.

  3. Navigate to the S3 service, then click on the bucket violating this check.

  4. Navigate to the Permissions section.

  5. Select Bucket Policy.

  6. Look for a statement that allows write, either through s3:Put actions or through s3:* actions, using the following command:

    {
    Sid: BadPractice,
    Effect: Allow,
    Principal: *,
    Action: s3:*,
    Resource: <YOUR_BUCKET_ARN>
    }
    
  7. To apply the policy to the bucket, click Save.