Identify and remediate public cloud compliance misconfigurations, mitigate security threats and control your expenses from one simple, easy to use platform.
April 21, 2022
An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants READ_ACP access permissions to All Authenticated AWS Users. Unrestricted access to a buckets READ_ACP will allow anyone with an AWS user account to read the S3 bucket ACL which could reveal critical configuration information to a malicious actor. S3 bucket ACLs are used to control user access to buckets and objects. Remove S3 bucket READ_ACP permissions for All Authenticated users and restricted it to only required users or groups.