S3 bucket objects restrict public listing via ACL
- Updated on 24 Aug 2023
Description
Modify your bucket ACL to remove public READ access.
Rationale
- Public READ access allows the grantee to list all objects within your bucket and exploit objects with misconfigured ACL permissions.
For more information about S3 bucket ACLs, see the Access control list (ACL) documentation.
Remediation
From the console
Follow the Controlling access to a bucket with user policies docs to edit your existing policy and set the policy permissions to private.
From the command line
Run put-bucket-acl with your S3 bucket name and the ACL set to private.
aws s3api put-bucket-acl --bucket your-bucket-name --acl private
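To confirm the change took effect, the JSON returned by `aws s3api get-bucket-acl --bucket your-bucket-name` can be checked for any remaining grant to the public AllUsers group. The Python below is an added example, not part of the original article; the function names and the two sample ACL documents (with placeholder IDs) are constructed for illustration.

```python
import json

# Group URI that S3 ACLs use for the anonymous "everyone" grantee.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
# FULL_CONTROL includes READ, so either permission allows bucket listing.
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}

# Constructed sample: get-bucket-acl output for a bucket with public READ.
SAMPLE_PUBLIC_ACL = """{
  "Owner": {"DisplayName": "owner", "ID": "EXAMPLE-OWNER-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}
  ]
}"""

# Constructed sample: the same bucket after the ACL is set to private.
SAMPLE_PRIVATE_ACL = """{
  "Owner": {"DisplayName": "owner", "ID": "EXAMPLE-OWNER-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
     "Permission": "FULL_CONTROL"}
  ]
}"""


def public_listing_grants(acl_json):
    """Return the grants that let the AllUsers group list the bucket."""
    acl = json.loads(acl_json)
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") == ALL_USERS_URI
                and grant.get("Permission") in LISTING_PERMISSIONS):
            findings.append(grant)
    return findings


def is_remediated(acl_json):
    """True when no grant gives the public READ (listing) access."""
    return not public_listing_grants(acl_json)


if __name__ == "__main__":
    for label, doc in (("before", SAMPLE_PUBLIC_ACL), ("after", SAMPLE_PRIVATE_ACL)):
        print(label, "remediated" if is_remediated(doc) else "PUBLIC READ present")
```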