S3 bucket ACL is restricted from public view
- 24 Aug 2023
Description
Modify your bucket ACL to remove public READ_ACP access.
Rationale
Public READ_ACP access gives anyone the ability to read the bucket ACL. With this permission, anyone can see who controls your objects. This information can potentially be used to find misconfigured permissions and gain access to your S3 data.
For more information about S3 bucket ACLs, see the Access control list (ACL) documentation.
Remediation
From the console
Follow the Controlling access to a bucket with user policies documentation to edit your existing policy and set the policy permissions to private.
From the command line
Run put-bucket-acl with your S3 bucket name and the ACL set to private.
aws s3api put-bucket-acl --bucket your-bucket-name --acl private
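Before applying the remediation it is useful to confirm which grants actually trigger this finding. The following Python script is an added example, not code from the original page: it parses the JSON that `aws s3api get-bucket-acl` returns and reports any grant that gives the predefined AllUsers or AuthenticatedUsers group READ_ACP (or FULL_CONTROL, which implies it). The sample ACL embedded in the script is constructed for illustration; the bucket name `your-bucket-name` and the `check_sample` helper are assumptions made for this example.

```python
import json

# Predefined S3 grantee groups that make a grant "public":
# AllUsers is anyone on the internet, AuthenticatedUsers is any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Permissions that expose the ACL itself: READ_ACP directly, and
# FULL_CONTROL because it includes every other permission.
ACL_READ_PERMISSIONS = {"READ_ACP", "FULL_CONTROL"}


def public_read_acp_grants(acl):
    """Return the grants in a get-bucket-acl result that let a public
    group read the bucket ACL. Each finding names the group and permission."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical users and e-mail grantees are not public
        if grantee.get("URI") not in PUBLIC_GROUP_URIS:
            continue  # e.g. the LogDelivery group is an AWS service, not the public
        if grant.get("Permission") not in ACL_READ_PERMISSIONS:
            continue  # READ or WRITE on the bucket is a different finding
        findings.append({
            "group": grantee["URI"].rsplit("/", 1)[-1],
            "permission": grant["Permission"],
        })
    return findings


def remediation_command(bucket):
    """Build the put-bucket-acl call from the page for the given bucket."""
    return f"aws s3api put-bucket-acl --bucket {bucket} --acl private"


# Constructed sample in the same shape as real `aws s3api get-bucket-acl` output:
# the owner's own FULL_CONTROL grant, a public READ_ACP grant (the finding),
# and a LogDelivery WRITE grant that is common and not public.
SAMPLE_ACL_JSON = """
{
  "Owner": {"DisplayName": "example-owner", "ID": "EXAMPLE-CANONICAL-ID"},
  "Grants": [
    {"Grantee": {"DisplayName": "example-owner", "ID": "EXAMPLE-CANONICAL-ID",
                 "Type": "CanonicalUser"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ_ACP"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"}
  ]
}
"""


def check_sample():
    """Evaluate the constructed sample ACL; returns the list of findings."""
    return public_read_acp_grants(json.loads(SAMPLE_ACL_JSON))


if __name__ == "__main__":
    for finding in check_sample():
        print(f"public {finding['permission']} granted to {finding['group']}")
    if check_sample():
        print("remediate with:", remediation_command("your-bucket-name"))
```

In practice, pipe the real output into the script (`aws s3api get-bucket-acl --bucket your-bucket-name | python3 check_acl.py`) and feed `sys.stdin` to `json.load` instead of the constructed sample; the detection logic is unchanged.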