Ensure Object ACLs cant be turned public inside private S3 buckets.

  • 17 September 2021
  • 0 replies

Badge +1

Inside an AWS Private S3 bucket, a specific object can be made public by using any of the following steps:



  • Update the object's access control list (ACL) using the Amazon S3 console
  • Update the object's ACL using the AWS Command Line Interface (AWS CLI)

In order to make sure that a specific object is not turned public inside an otherwise private S3 bucket, we can make use of the AWS Block Public Access Settings , specifically the IgnorePublicAcls (Block public access to buckets and objects granted through any access control lists (ACLs)) boolean.

Netskope SPM allows to write  custom rule for checking the above  configuration for each S3 bucket:
S3Bucket should have Access eq "Private"


0 replies

Be the first to reply!