More Info:

AWS S3 buckets should use Object Lock for data protection and/or regulatory compliance and in order to prevent the objects they store from being deleted.

Risk Level

Low

Address

Security

Compliance Standards

HIPAA, SOC2

Triage and Remediation

Remediation

To remediate S3 buckets that do not have write configuration enabled, follow the steps below in the AWS Management Console:

  1. Log in to the AWS Management Console.
  2. Navigate to the S3 service.
  3. Select the S3 bucket that you want to remediate.
  4. Click on the “Permissions” tab.
  5. Scroll down to the “Bucket policy” section and click on “Edit”.
  6. Add the following policy to enable write configuration. The principal must be a specific IAM identity: the actions below (notably s3:PutBucketPolicy and s3:PutBucketAcl) let the grantee rewrite the bucket's own access controls, so they must never be granted to "*".
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowWrite",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR-ACCOUNT-ID:role/YOUR-ADMIN-ROLE"
            },
            "Action": [
                "s3:PutBucketVersioning",
                "s3:PutBucketAcl",
                "s3:PutBucketPolicy",
                "s3:PutBucketLogging",
                "s3:PutBucketWebsite",
                "s3:PutBucketNotification",
                "s3:PutBucketTagging",
                "s3:PutLifecycleConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket-name"
            ]
        }
    ]
}

Note: Replace “your-bucket-name” with the actual name of your S3 bucket, and replace “YOUR-ACCOUNT-ID” and “YOUR-ADMIN-ROLE” with the account and IAM role that should be allowed to change the bucket configuration.

  7. Click on “Save changes” to save the policy.
  8. Verify that the write configuration is now enabled for the S3 bucket by checking the bucket properties.
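Before saving a bucket policy like the one above, it is worth checking that none of its statements hands configuration-write actions to an open principal. The following is an added example, not code from the original page or from AWS: a small offline linter for bucket policy documents that flags "Allow" statements whose Principal is "*" (or {"AWS": "*"}) and which grant s3:PutBucket*-style actions without any Condition. The two sample policies are constructed for this example; the account id, role name and bucket name in them are placeholders.

```python
"""Lint an S3 bucket policy document for over-broad write-configuration grants.

Added example (not from the original page). It parses the policy JSON that would
be pasted into the "Bucket policy" editor and reports statements that let anyone
change the bucket's own security settings.
"""
import json

# Actions that change how a bucket is protected or who may access it.
# Constructed list: the actions from the page's policy plus a few related
# configuration-write actions a reviewer would also want flagged.
CONFIG_WRITE_ACTIONS = {
    "s3:putbucketversioning", "s3:putbucketacl", "s3:putbucketpolicy",
    "s3:putbucketlogging", "s3:putbucketwebsite", "s3:putbucketnotification",
    "s3:putbuckettagging", "s3:putlifecycleconfiguration",
    "s3:putobjectlockconfiguration", "s3:putobjectretention",
    "s3:putbucketpublicaccessblock",
}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """True when the statement applies to any caller: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _action_is_config_write(action):
    """Match an action string (with optional trailing wildcard) against the set."""
    a = action.lower()
    if a in ("*", "s3:*"):
        return True
    if a.endswith("*"):
        prefix = a[:-1]
        return any(known.startswith(prefix) for known in CONFIG_WRITE_ACTIONS)
    return a in CONFIG_WRITE_ACTIONS


def find_overbroad_statements(policy_json):
    """Return [(Sid, [risky actions])] for unconditioned Allow grants to "*".

    Statements with a Condition block are not reported here: a condition such as
    aws:SourceVpce may legitimately narrow the grant and needs manual review.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        risky = sorted(a for a in _as_list(stmt.get("Action"))
                       if _action_is_config_write(a))
        if risky:
            findings.append((stmt.get("Sid", "<no Sid>"), risky))
    return findings


# Constructed sample: the page's statement with an open principal.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowWrite",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["s3:PutBucketVersioning", "s3:PutBucketAcl",
                   "s3:PutBucketPolicy", "s3:PutBucketLogging",
                   "s3:PutBucketWebsite", "s3:PutBucketNotification",
                   "s3:PutBucketTagging", "s3:PutLifecycleConfiguration"],
        "Resource": ["arn:aws:s3:::your-bucket-name"],
    }],
})

# Constructed sample: same grant scoped to a single IAM role (placeholder ARN).
SCOPED_POLICY = WEAK_POLICY.replace(
    '"AWS": "*"',
    '"AWS": "arn:aws:iam::123456789012:role/YOUR-ADMIN-ROLE"')


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overbroad_statements(doc))
```

Run it against the policy you intend to paste into the console: the weak variant reports the "AllowWrite" statement with all eight actions, while the role-scoped variant produces no findings.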

Additional Reading: