S3 Bucket ACL READ Permission Granted to All Authenticated Users

Tenacity Id

Risk Level

Categories

s3-019

3

Last Updated:

April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants READ access permissions to All Authenticated AWS Users. Granting READ permission to All Authenticated users means that anyone with an AWS user account can read bucket objects, potentially exposing sensitive data. S3 bucket access permissions should be granted using the least privilege principle. Remove S3 bucket READ permissions for All Authenticated users and restrict READ to only required users or groups.