S3 Bucket ACL FULL_CONTROL Permission Granted to All Authenticated Users

Tenacity Id: s3-021
Risk Level: 3
Categories:
Last Updated: April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants FULL_CONTROL permission to the All Authenticated AWS Users group. Granting FULL_CONTROL to All Authenticated Users means that anyone with any AWS account, not only users in your own account, holds READ, READ_ACP, and WRITE_ACP permissions on the bucket and can potentially destroy data or create harmful objects. S3 bucket access permissions should be granted following the principle of least privilege. Remove the FULL_CONTROL grant for All Authenticated Users from the S3 bucket ACL and restrict FULL_CONTROL to only the users or groups that require it.
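As an added example that is not part of this finding page, the check below implements s3-021 and its remediation in Python against the ACL structure that boto3's get_bucket_acl returns, so it runs offline on a sample. The sample ACL and its owner ID are constructed placeholders, and remediate_bucket is a convenience wrapper around a boto3 S3 client you supply.

```python
"""Detect and remediate S3 bucket ACL grants of FULL_CONTROL to the
AuthenticatedUsers group (check s3-021). Works on the dict shape returned
by boto3's get_bucket_acl: {"Owner": {...}, "Grants": [{"Grantee": {...},
"Permission": "..."}, ...]}."""

# Predefined S3 group URI that stands for every authenticated AWS account.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def find_authenticated_full_control(acl):
    """Return the grants that give FULL_CONTROL to the AuthenticatedUsers group."""
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") == AUTHENTICATED_USERS
        and g.get("Permission") == "FULL_CONTROL"
    ]


def remediated_policy(acl):
    """Build an AccessControlPolicy with the offending grants removed.
    Every other grant (e.g. the bucket owner's FULL_CONTROL) is kept, so the
    result can be passed straight to put_bucket_acl(AccessControlPolicy=...)."""
    offending = find_authenticated_full_control(acl)
    return {"Owner": acl["Owner"],
            "Grants": [g for g in acl["Grants"] if g not in offending]}


def remediate_bucket(s3_client, bucket):
    """Fetch the live ACL, strip offending grants and write it back.
    Returns True when a change was made, False when the bucket was clean."""
    acl = s3_client.get_bucket_acl(Bucket=bucket)
    if not find_authenticated_full_control(acl):
        return False
    s3_client.put_bucket_acl(Bucket=bucket, AccessControlPolicy=remediated_policy(acl))
    return True


# Constructed sample ACL; the owner ID is a placeholder, not a real canonical ID.
SAMPLE_ACL = {
    "Owner": {"DisplayName": "bucket-owner", "ID": "OWNER_CANONICAL_ID_PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER_CANONICAL_ID_PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "FULL_CONTROL"},  # the s3-021 finding
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},  # unrelated grant, must survive remediation
    ],
}

if __name__ == "__main__":
    print(f"s3-021: {len(find_authenticated_full_control(SAMPLE_ACL))} offending grant(s)")
    print(remediated_policy(SAMPLE_ACL))
```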