S3 Bucket ACL WRITE Permission Granted to All

Tenacity Id

Risk Level

Categories

s3-015

3

Last Updated:

April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants WRITE access permissions to All. Granting WRITE permission to All means that anyone, including public users, can add, delete, or replace bucket objects, potentially destroying data or creating harmful objects. S3 bucket access permissions should be granted using the least privilege principle. Remove S3 bucket WRITE permissions for All and restrict WRITE to only required users or groups.