More Info:

AWS S3 buckets should not be publicly accessible via bucket policies in order to protect against unauthorized access. Granting public access to your S3 buckets via bucket policies can allow malicious users to view, get, upload, modify and delete S3 objects, actions that can lead to data loss and unexpected charges on your AWS bill.

Risk Level

Critical

Address

Security

Compliance Standards

CBP, GDPR

Triage and Remediation

Remediation

Using Console

Additional Reading: