---
names:
  full: "AWS S3 Bucket Policy allows public read or write access"
  contextual: "Bucket Policy allows public read or write access"
description: >
  S3 bucket policies should not grant public read or write permissions.
  An Allow statement whose principal is the wildcard '*' (or {"AWS": "*"}),
  which means everyone including unauthenticated requests, can lead to
  unintended data exposure, modification, or deletion, posing a significant
  security risk.
type: "COMPLIANCE_POLICY"
categories:
  - "SECURITY"
frameworkMappings:
  - "/frameworks/cloudaware/resource-security/public-data-access"
  - "/frameworks/aws-fsbp-v1.0.0/s3/02"
  - "/frameworks/aws-fsbp-v1.0.0/s3/03"
  - "/frameworks/aws-well-architected/sec/08/04"
similarPolicies:
  awsSecurityHub:
    - name: "[S3.2] S3 general purpose buckets should block public read access"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2"
    - name: "[S3.3] S3 general purpose buckets should block public write access"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3"
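The check this policy describes, written out as an added example that is not part of the policy definition above and not Cloudaware's or AWS's own evaluator: it parses a bucket policy document of the kind `get_bucket_policy()` returns, and reports every Allow statement that grants read or write S3 actions to the wildcard principal without a condition that scopes the grant to a network, account or organization. The function name `find_public_grants`, the two sample policies (bucket name, VPC endpoint id, account id and role are all made up) and the subset of restricting condition keys are assumptions of this example; AWS's own definition of "public" covers more keys than the ones listed here.

```python
import fnmatch
import json

# Condition keys that scope a grant to a caller's network, account or org.
# AWS's public-bucket evaluation treats statements carrying such keys as
# non-public. ASSUMPTION: this is a representative subset, not the full list.
RESTRICTING_CONDITION_KEYS = {
    "aws:sourceip", "aws:sourcevpc", "aws:sourcevpce", "aws:sourcearn",
    "aws:sourceaccount", "aws:principalaccount", "aws:principalarn",
    "aws:principalorgid", "aws:principalorgpaths", "aws:userid",
}
# Representative actions: if a statement's action pattern matches one of
# these, the statement grants that class of access (covers "s3:*", "*",
# "s3:Get*", "s3:*Object" and plain action names alike).
READ_ACTIONS = ("s3:getobject", "s3:listbucket")
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject")


def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True for "Principal": "*" and for "Principal": {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _has_restricting_condition(condition):
    """True if any condition key limits who (or from where) can call."""
    for operator_block in (condition or {}).values():
        if any(key.lower() in RESTRICTING_CONDITION_KEYS for key in operator_block):
            return True
    return False


def _granted_access(stmt):
    """Return the subset of {"read", "write"} the statement's actions cover."""
    if "NotAction" in stmt:
        return {"read", "write"}  # Allow-everything-except is at least this broad
    access = set()
    for pattern in _as_list(stmt.get("Action", [])):
        p = pattern.lower()
        if any(fnmatch.fnmatchcase(a, p) for a in READ_ACTIONS):
            access.add("read")
        if any(fnmatch.fnmatchcase(a, p) for a in WRITE_ACTIONS):
            access.add("write")
    return access


def find_public_grants(policy_document):
    """Return [{"sid": ..., "access": [...]}] for each public Allow statement."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if _has_restricting_condition(stmt.get("Condition")):
            continue
        access = _granted_access(stmt)
        if access:
            findings.append({"sid": stmt.get("Sid", "<no Sid>"), "access": sorted(access)})
    return findings


# Constructed sample: the weak policy this control is meant to catch.
PUBLIC_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""

# Constructed sample: the same intent, scoped to a VPC endpoint and a role.
HARDENED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VpcEndpointReadOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "AppRoleWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-writer"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""

if __name__ == "__main__":
    for label, doc in (("public", PUBLIC_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, find_public_grants(doc))
```

The read/write split mirrors the two Security Hub controls the policy maps to (S3.2 for read, S3.3 for write), so a finding can be routed to the matching control. The checker looks only at the bucket policy; S3 Block Public Access settings and ACLs are separate controls and are not evaluated here.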