More Info:

AWS S3 buckets should not allow READ_ACP access to AWS authenticated users using ACLs in order to protect against unauthorized access.

Risk Level

Medium

Address

Security

Compliance Standards

CBP, PCIDSS, NIST

Triage and Remediation

Remediation

Here are the step-by-step instructions to remediate this S3 bucket misconfiguration using the AWS Console:

  1. Log in to your AWS Management Console.

  2. Go to the S3 service dashboard.

  3. Select the bucket that you want to remediate.

  4. Click on the “Permissions” tab.

  5. Scroll down to the “Access Control List (ACL)” section.

  6. Click on the “Edit” button next to the “Authenticated Users” group.

  7. Uncheck the “Read” permission for the “Access Control Policy (ACP)”.

  8. Click on the “Save” button to apply the changes.

  9. Verify that the “Read” permission for the “Access Control Policy (ACP)” is no longer enabled for the “Authenticated Users” group.

  10. Repeat the above steps for any other S3 buckets that may have this misconfiguration.

By following these steps, you will have remediated the S3 bucket misconfiguration by removing READ_ACP access for the “Authenticated Users” group, so that any AWS account holder can no longer read the bucket's ACL.
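The console steps above can also be expressed as a check and fix against the ACL structure that the S3 API returns. The following Python is an added example written for this page; it is not code from the page's author or from AWS. It works on a constructed ACL shaped like the `get_bucket_acl` response, flags grants that give the AuthenticatedUsers group READ_ACP (and FULL_CONTROL, which includes READ_ACP, a detail the page does not mention), and builds the corrected policy in the shape `put_bucket_acl` accepts. The owner ID is a placeholder.

```python
# Added example: detect and remove READ_ACP grants to the AuthenticatedUsers
# group in an S3 bucket ACL. Runs offline on a constructed ACL document.

# Canonical URI of the "Authenticated Users" group shown in the console.
AUTHENTICATED_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# FULL_CONTROL is READ + WRITE + READ_ACP + WRITE_ACP, so it also exposes the ACL.
ACP_READ_PERMISSIONS = {"READ_ACP", "FULL_CONTROL"}

# Constructed sample, shaped like boto3's s3.get_bucket_acl() response.
# The owner ID is a placeholder, not a real canonical user ID.
SAMPLE_ACL = {
    "Owner": {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
    "Grants": [
        {
            "Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
            "Permission": "FULL_CONTROL",
        },
        {
            # This is the misconfiguration the page describes.
            "Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS_URI},
            "Permission": "READ_ACP",
        },
        {
            # Unrelated grant that must survive remediation untouched.
            "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
            "Permission": "WRITE",
        },
    ],
}


def offending_grants(acl, group_uri=AUTHENTICATED_USERS_URI):
    """Return the grants that let the given group read the bucket ACL."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (
            grantee.get("Type") == "Group"
            and grantee.get("URI") == group_uri
            and grant.get("Permission") in ACP_READ_PERMISSIONS
        ):
            found.append(grant)
    return found


def is_compliant(acl, group_uri=AUTHENTICATED_USERS_URI):
    """True when no grant gives the group READ_ACP (directly or via FULL_CONTROL)."""
    return not offending_grants(acl, group_uri)


def remediated_acl(acl, group_uri=AUTHENTICATED_USERS_URI):
    """Build the AccessControlPolicy to write back, minus the offending grants.

    Only Owner and Grants are copied because that is the shape
    s3.put_bucket_acl(Bucket=..., AccessControlPolicy=...) expects; the
    ResponseMetadata that get_bucket_acl adds must not be passed back.
    """
    bad = offending_grants(acl, group_uri)
    kept = [grant for grant in acl.get("Grants", []) if grant not in bad]
    return {"Owner": acl["Owner"], "Grants": kept}


if __name__ == "__main__":
    print("compliant before:", is_compliant(SAMPLE_ACL))
    for grant in offending_grants(SAMPLE_ACL):
        print("offending grant:", grant["Permission"], "->", grant["Grantee"]["URI"])
    fixed = remediated_acl(SAMPLE_ACL)
    print("compliant after:", is_compliant(fixed))
    # To apply against a real bucket (requires boto3 and s3:PutBucketAcl):
    #   s3.put_bucket_acl(Bucket=bucket_name, AccessControlPolicy=fixed)
```

Two caveats when applying this to real buckets: dropping a FULL_CONTROL grant removes the group's READ and WRITE as well, which is usually what you want but should be a deliberate decision; and buckets whose Object Ownership setting is "Bucket owner enforced" (the default for buckets created since April 2023) have ACLs disabled entirely, so a `put_bucket_acl` call on them is unnecessary and will fail.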

Additional Reading: