S3 Bucket Has ACLs Enabled

Overview

Verify whether ACLs are enabled for S3 buckets. S3 ACLs represent an outdated form of access control that predates IAM. Presently, IAM and bucket policies are the recommended approaches. Confirm that S3 ACLs are deactivated (BucketOwnerEnforced). Employ IAM policies and bucket policies for access management purposes.

Vendor

AWS

Cloud Service

S3.12

References

https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html

Severity

Item Types

AWS::S3::Bucket

Overview​

Vendor​

Cloud Service​

Related Controls​

References​

Severity​

Item Types​