S3 Buckets Should Not Allow Public READ Access

More Info:

AWS S3 buckets should not allow public READ access in order to protect against unauthorized access.

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, PCIDSS, NIST, SOC2, AWSWAF

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of S3 buckets allowing public READ access in AWS using AWS CLI, you can follow the below steps:

Open the AWS CLI on your local machine and run the following command to list all the S3 buckets in your AWS account:
```
aws s3api list-buckets
```
Identify the S3 bucket(s) that have public READ access.
Run the following command to remove public READ access from the identified S3 bucket(s):
```
aws s3api put-bucket-acl --bucket <bucket-name> --acl private
```
Replace <bucket-name> with the name of the identified S3 bucket.
Verify that public READ access has been removed from the S3 bucket(s) by running the following command:
```
aws s3api get-bucket-acl --bucket <bucket-name>
```
Replace <bucket-name> with the name of the identified S3 bucket.
Repeat steps 3 and 4 for all the S3 buckets that have public READ access.
Once all the S3 buckets have been remediated, ensure that you have a process in place to regularly monitor your S3 buckets for public READ access and remediate any misconfigurations promptly.

Using Python

To remediate the issue of S3 Buckets allowing public READ access in AWS using python, follow these steps:

Install the AWS SDK for Python (boto3) using pip:

pip install boto3

Create an AWS S3 client using boto3:

import boto3

s3 = boto3.client('s3')

List all S3 buckets in your AWS account using the list_buckets() method:

response = s3.list_buckets()

for bucket in response['Buckets']:
    print(f'Bucket Name: {bucket["Name"]}')

For each S3 bucket, check if it has any public READ access by using the get_bucket_acl() method:

response = s3.get_bucket_acl(Bucket='bucket-name')

for grant in response['Grants']:
    if 'URI' in grant['Grantee'] and grant['Permission'] == 'READ':
        print('Public READ access found')

If public READ access is found, remove it by using the put_bucket_acl() method:

response = s3.put_bucket_acl(
    Bucket='bucket-name',
    ACL='private'
)

print('Public READ access removed')

Repeat steps 4-5 for all S3 buckets in your AWS account.

By following these steps, you can remediate the issue of S3 Buckets allowing public READ access in AWS using python.

Additional Reading:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-overview.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

S3 Buckets Should Not Allow Public READ Access

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: